Author: David Woodhouse Date: To: Andreas Metzler CC: exim-dev Subject: Re: [exim-dev] Candidate patches for privilege escalation
On Wed, 2010-12-15 at 19:22 +0100, Andreas Metzler wrote: > <Mode proxy>
> Ian Jackson wrote on debian-devel on Tue, 14 Dec 2010:
> > Right. It should probably also refuse to read filenames matching
> > .* #* *# *~ *.tmp at the very least.
> >
> > You wouldn't want to edit your exim.conf to get rid of a security
> > problem and find that the attacker could just tell it to use the old
> > file !
> </proxy>
Hm, very true.
I don't want to hard-code things like that if we can avoid it.
Should we make the TRUSTED_CONFIG_PREFIX_LIST into a list of regexes
instead of a list of prefixes?