Re: [exim-dev] Candidate patches for privilege escalation

Top Page

Reply to this message
Author: David Woodhouse
To: Phil Pennock
CC: exim-dev
Subject: Re: [exim-dev] Candidate patches for privilege escalation
On Mon, 2010-12-13 at 21:30 +0000, David Woodhouse wrote:
> > define a list of macros which can be overriden on the command-line with
> > -D when the user is Exim? That way, things like -DTLS can be passed
> > through safely.

Sorry, I didn't address that directly.

I did ponder it briefly but didn't see how it could be done. Would you
also have a whitelist of what the *contents* of those macros can be? Or
can I still do '-DTLS=${run{/bin/chmod u+s /bin/bash}}' or something
similar if TLS is on the list?