Re: [exim-dev] Candidate patches for privilege escalation

Top Page
This message is part of the following thread:
M++\the complete thread tree sorted by date
MMMMDavid Woodhouse at <-
MPhil Pennock at ->
Delete this message
Reply to this message
Author: David Woodhouse
Date:  
To: Phil Pennock
CC: exim-dev
Subject: Re: [exim-dev] Candidate patches for privilege escalation
On Sun, 2010-12-12 at 05:28 -0500, Phil Pennock wrote:
> > - Don't use config files as root if they're writeable by non-root
> > users/groups. Including the Exim user/group.
>
> This appears to be a mis-leading statement. Really, you're removing the
> Exim user/group from being permitted owners by default. But if instead
> we look at what you wrote as the goal, then this is awkward.

I gave you a fairly firm rebuttal to this, but I don't want to give the
impression that I'm not open to alternative suggestions. We do need to
be very careful about the privilege separation though, otherwise it's
just a fig leaf. I'd be very interested to hear alternatives if you have
them.

OTOH if we *have* reached a consensus that what's in my git tree is
fairly much the way forward, then I'd like to push it today and then we
can concentrate on testing and making sure that the extra restrictions
haven't broken functionality in various corner cases.

--
dwmw2


This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-Re: [exim-dev] potential exploitation vectorRe: [exim-dev] What user should ${run...} in config file run as?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)