Author: David Woodhouse
Date:
To: Phil Pennock
CC: exim-dev
Subject: Re: [exim-dev] [PATCH] Implement -D filtering, first pass.
On Tue, 2010-12-14 at 03:54 -0500, Phil Pennock wrote:
> I need sleep, so I'm sending out what I have.
>
> This change goes too far and lets users other than the Exim user also
> specify -D options without causing a privilege drop.
>
> That should be a trivial change around line 3254 (post-patch) but I'm no
> longer focusing enough to be sure I'm not missing other stuff.
>
> So, besides that, and the lack of documentation, do any maintainers have
> any comments on this approach? David?

Looks good. I did the same thing with -C (allowing users other than Exim
to specify a config as long as it was in the trusted list). It's less
obviously wrong for -C than it is for -D, but it's been bothering me,
and I think we should change it too.