Re: [exim-dev] Candidate patches for privilege escalation

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MAndreas Metzler at <-
MPhil Pennock at ->
Delete this message
Reply to this message
Author: David Woodhouse
Date:  
To: Andreas Metzler
CC: exim-dev
Subject: Re: [exim-dev] Candidate patches for privilege escalation
On Wed, 2010-12-15 at 19:22 +0100, Andreas Metzler wrote:
> <Mode proxy>
> Ian Jackson wrote on debian-devel on Tue, 14 Dec 2010:
> > Right. It should probably also refuse to read filenames matching
> > .* #* *# *~ *.tmp at the very least.
> >
> > You wouldn't want to edit your exim.conf to get rid of a security
> > problem and find that the attacker could just tell it to use the old
> > file !
> </proxy>

Hm, very true.

I don't want to hard-code things like that if we can avoid it.

Should we make the TRUSTED_CONFIG_PREFIX_LIST into a list of regexes
instead of a list of prefixes?

--
dwmw2


This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-[exim-dev] List participation (exim-dev)Re: [exim-dev] Candidate patches for privilege escalation->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)