Re: [exim-dev] Candidate patches for privilege escalation

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Andreas Metzler
Date:  
À: exim-dev
Sujet: Re: [exim-dev] Candidate patches for privilege escalation
On 2010-12-12 David Woodhouse <dwmw2@???> wrote:
[...]
> - Add a TRUSTED_CONFIG_PREFIX_FILE option. If set, it gives a filename
> for a file that contains prefix strings, like the ALT_CONFIG_PREFIX.
> Each line in that file specifies a prefix for config files which are
> to be trusted, and executed with root privilege if seen in the -C
> option, regardless of which user Exim is invoked by. As long as the
> config file is not writeable by anyone but root, of course.

[...]

<Mode proxy>
Ian Jackson wrote on debian-devel on Tue, 14 Dec 2010:
> Right. It should probably also refuse to read filenames matching
> .* #* *# *~ *.tmp at the very least.
>
> You wouldn't want to edit your exim.conf to get rid of a security
> problem and find that the attacker could just tell it to use the old
> file !

</proxy>

See
http://mid.gmane.org/19719.51860.848292.372206@chiark.greenend.org.uk

cu andreas