Re: [exim-dev] What user should ${run...} in config file run…

Top Page
Delete this message
Reply to this message
Author: Nigel Metheringham
Date:  
To: exim-dev
Subject: Re: [exim-dev] What user should ${run...} in config file run as?
On 13 Dec 2010, at 15:01, Dr Andrew C Aitchison wrote:

> What proportion of exim installations use the ${run...} ${dlfunc...}
> and ${perl...} directives (I can find no evidence that we have ever
> used any of them ) ?


I suspect very few.

> Is there a good reason not to leave these features out of the default
> build and make them available only as a compile time option ?


I have a dislike of compile time options - too much variation in
functionality which then needs to be documented somewhere, and results
in Q&As plus support queries. However there may be a case for one
here - maybe an inverted (high security) option.

However a run-time config option - which interacts with the config
file ownership and invoking user - and disables all of these in one
go may also have mileage - it may still be overwritable given the right
sort of buffer overflow but its likely to be very hard.

    Nigel.



--
[ Nigel Metheringham             Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]