On 13 Dec 2010, at 15:01, Dr Andrew C Aitchison wrote:
> What proportion of exim installations use the ${run...} ${dlfunc...}
> and ${perl...} directives (I can find no evidence that we have ever
> used any of them ) ?
I suspect very few.
> Is there a good reason not to leave these features out of the default
> build and make them available only as a compile time option ?
I have a dislike of compile time options - too much variation in
functionality which then needs to be documented somewhere, and results
in Q&As plus support queries. However there may be a case for one
here - maybe an inverted (high security) option.
However a run-time config option - which interacts with the config
file ownership and invoking user - and disables all of these in one
go may also have mileage - it may still be overwritable given the right
sort of buffer overflow but its likely to be very hard.
Nigel.
--
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
