Re: [exim-dev] Candidate patches for privilege escalation

Pàgina inicial
Delete this message
Reply to this message
Autor: Phil Pennock
Data:  
A: David Woodhouse
CC: exim-dev
Assumpte: Re: [exim-dev] Candidate patches for privilege escalation
On 2010-12-14 at 08:06 +0000, David Woodhouse wrote:
> On Mon, 2010-12-13 at 18:01 -0500, Phil Pennock wrote:
> >
> > One of the installation modes for mailscanner is to make the spool
> > directory be a macro:
> >
> > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:exim:installation
>
> Wait a minute, wasn't that broken even *before* we started to further
> restrict the use of -C and -D?


No, because mailscanner runs as the Exim user, so is therefore trusted.