Re: [exim-dev] Candidate patches for privilege escalation

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: David Woodhouse
CC: exim-dev
Subject: Re: [exim-dev] Candidate patches for privilege escalation
On 2010-12-13 at 21:39 +0000, David Woodhouse wrote:
> On Mon, 2010-12-13 at 21:30 +0000, David Woodhouse wrote:
> > > define a list of macros which can be overriden on the command-line with
> > > -D when the user is Exim? That way, things like -DTLS can be passed
> > > through safely.
>
> Sorry, I didn't address that directly.
>
> I did ponder it briefly but didn't see how it could be done. Would you
> also have a whitelist of what the *contents* of those macros can be? Or
> can I still do '-DTLS=${run{/bin/chmod u+s /bin/bash}}' or something
> similar if TLS is on the list?


In this particular case, the macro would only ever really be in an
.ifdef block, so not evaluated, but your point stands for the general
case. I suspect it's a case of "don't shoot yourself in the foot".

Another option is that we apply a default regex for permitted content of
macros overriden, permitting empty and some simple strings, and let the
admin specify a different regexp if needed. The "different regexp" can
be a v2 feature, implemented if anyone ever actually asks for it.

There are a whole bunch of standing regexps compiled at start-up, I see
no harm in adding another.

-Phil