Re: [exim-dev] Candidate patches for privilege escalation

Top Page
Delete this message
Reply to this message
Author: David Woodhouse
Date:  
To: Phil Pennock
CC: exim-dev
Subject: Re: [exim-dev] Candidate patches for privilege escalation
On Mon, 2010-12-13 at 18:01 -0500, Phil Pennock wrote:
>
> One of the installation modes for mailscanner is to make the spool
> directory be a macro:
>
> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:exim:installation


Wait a minute, wasn't that broken even *before* we started to further
restrict the use of -C and -D?

It says (near the end):

If there is any software running on the machine that generates email
that should be scanned (e.g. a webmail application) you can still use
this setup, but you must configure the application either to submit
email via SMTP, or to use the extra command-line options
-odq -DSPOOL=/var/spool/exim.in.

But if the application gave -DSPOOL= on the command line, it wouldn't
have been trusted. Exim would have dropped privileges to the *real*
user, not to Exim. And thus wouldn't have been allowed to write to the
spool.

--
dwmw2