Re: [exim-dev] Candidate patches for privilege escalation

Top Page
This message is part of the following thread:
M-\the complete thread tree sorted by date
M.MPhil Pennock at <-
M\Phil Pennock at ->
Delete this message
Reply to this message
Author: David Woodhouse
Date:  
To: Phil Pennock
CC: exim-dev
Subject: Re: [exim-dev] Candidate patches for privilege escalation
On Mon, 2010-12-13 at 21:30 +0000, David Woodhouse wrote:
> > define a list of macros which can be overriden on the command-line with
> > -D when the user is Exim? That way, things like -DTLS can be passed
> > through safely.

Sorry, I didn't address that directly.

I did ponder it briefly but didn't see how it could be done. Would you
also have a whitelist of what the *contents* of those macros can be? Or
can I still do '-DTLS=${run{/bin/chmod u+s /bin/bash}}' or something
similar if TLS is on the list?

--
dwmw2


This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-Re: [exim-dev] External barriers to privilege escalationRe: [exim-dev] Candidate patches for privilege escalation->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)