Re: [exim-dev] Candidate patches for privilege escalation

Author: David Woodhouse
To: Phil Pennock
CC: exim-dev
Subject: Re: [exim-dev] Candidate patches for privilege escalation

On Sun, 2010-12-12 at 05:28 -0500, Phil Pennock wrote:
> > - Don't use config files as root if they're writeable by non-root
> > users/groups. Including the Exim user/group.
> This appears to be a misleading statement. Really, you're removing the
> Exim user/group from being permitted owners by default. But if instead
> we look at what you wrote as the goal, then this is awkward.

I gave you a fairly firm rebuttal to this, but I don't want to give the
impression that I'm not open to alternative suggestions. We do need to
be very careful about the privilege separation though, otherwise it's
just a fig leaf. I'd be very interested to hear alternatives if you have

OTOH if we *have* reached a consensus that what's in my git tree is
fairly much the way forward, then I'd like to push it today and then we
can concentrate on testing and making sure that the extra restrictions
haven't broken functionality in various corner cases.