Re: [exim-dev] Candidate patches for privilege escalation

Author: Phil Pennock
Date:  
To: David Woodhouse
CC: exim-dev
Subject: Re: [exim-dev] Candidate patches for privilege escalation
On 2010-12-13 at 22:00 +0000, David Woodhouse wrote:
> Perhaps a *build* time option with a colon-separated list of the macros
> which are permitted to be defined (with no content)?
Sounds good. I might permit numbers as a value. I guess one common
override besides 0/1 is for port-numbers.

> I'm still inclined to think that putting the macros into a config file
> and using .include would be easier.
Yes. We recommend that, going forward, and mention that the build-time
option list is a migration easing method, to buy time for
sysadmins/vendors to migrate their other systems. We can document that
no new systems should be using it and we recommend avoiding it, as it
may be removed in the future; but for those currently using -D on the
command-line for the daemon we have the option to make it as easy as
possible for them to migrate to a version with the improved security and
let them *schedule* doing the work to migrate the configs to another
approach over the coming months, at their pace.

Forced changes are overhead tax for running software and can cause
resentment; no item is bad in and of itself, but when you run a lot of
software, it adds up. Since we're making a non-backwards-compatible
change, we need to ease the immediate hit and let people plan around the
changes they'll need going forward.

-Phil
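As an added illustration of the build-time allowlist discussed in this thread (example code written here, not Exim's own implementation and not anything the thread decided on), the check below accepts a `-D` override only when the macro name is in a colon-separated allowlist and the value is empty or a plain number; the `ALLOWED_MACROS` contents and the function names are constructed for the example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample allowlist, standing in for a build-time option:
 * colon-separated macro names an unprivileged caller may override. */
#define ALLOWED_MACROS "LISTEN_PORT:TLS_ENABLED:DEBUG"

/* Returns true if `name` (length `len`) is exactly one element of the
 * colon-separated list. Whole-element match only, so LISTEN does not
 * match LISTEN_PORT. */
static bool name_in_allowlist(const char *list, const char *name, size_t len)
{
    const char *p = list;
    while (*p) {
        const char *end = strchr(p, ':');
        size_t elen = end ? (size_t)(end - p) : strlen(p);
        if (elen == len && memcmp(p, name, len) == 0)
            return true;
        if (!end)
            break;
        p = end + 1;
    }
    return false;
}

/* Validate one -D argument of the form NAME or NAME=VALUE from an
 * unprivileged caller. Only allowlisted names pass, and the value must
 * be empty or all digits (covering the 0/1 and port-number cases), so
 * no arbitrary string reaches the privileged configuration. */
bool d_override_allowed(const char *arg)
{
    if (arg == NULL || *arg == '\0')
        return false;
    const char *eq = strchr(arg, '=');
    size_t nlen = eq ? (size_t)(eq - arg) : strlen(arg);
    /* Macro name: letters, digits, underscore; not starting with a digit. */
    if (nlen == 0 || isdigit((unsigned char)arg[0]))
        return false;
    for (size_t i = 0; i < nlen; i++)
        if (!isalnum((unsigned char)arg[i]) && arg[i] != '_')
            return false;
    if (!name_in_allowlist(ALLOWED_MACROS, arg, nlen))
        return false;
    /* Value, when present, must be digits only; an empty value is fine. */
    if (eq)
        for (const char *v = eq + 1; *v; v++)
            if (!isdigit((unsigned char)*v))
                return false;
    return true;
}
```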