Re: [exim-dev] Candidate patches for privilege escalation

Author: Phil Pennock
Date:  
To: David Woodhouse
CC: exim-dev, Andreas Metzler
Subject: Re: [exim-dev] Candidate patches for privilege escalation
On 2010-12-15 at 20:41 +0000, David Woodhouse wrote:
> On Wed, 2010-12-15 at 19:22 +0100, Andreas Metzler wrote:
> > <Mode proxy>
> > Ian Jackson wrote on debian-devel on Tue, 14 Dec 2010:
> > > Right. It should probably also refuse to read filenames matching
> > > .* #* *# *~ *.tmp at the very least.
> > >
> > > You wouldn't want to edit your exim.conf to get rid of a security
> > > problem and find that the attacker could just tell it to use the old
> > > file !
> > </proxy>
>
> Hm, very true.
>
> I don't want to hard-code things like that if we can avoid it.
>
> Should we make the TRUSTED_CONFIG_PREFIX_LIST into a list of regexes
> instead of a list of prefixes?


Most common-grade admins I encounter/interview have some difficulty with
regular expressions. A list of prefixes is nice and simple.

One perspective is that your suggestion to avoid hard-coding is to
hard-code in a different way.

How about a default regex, which we expose to Local/Makefile so that it
can be overridden? Still just as exposed, but we provide a sane default
and make it easy for people to change the prefix list without having to
touch/break the regex. They're related, sure, but are of different
mental complexity. I really don't fancy the exim-users complaints from
people who typoed into the part of the value they weren't meaning to
change.

-Phil
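
Added example, not part of the original message and not Exim source: a C illustration of the split discussed above, with a plain prefix list the admin edits and a separate default reject list for the filename patterns quoted from Ian Jackson. It uses fnmatch() globs rather than a regex; the prefix values, the function name config_path_trusted and the ".." check are assumptions made for the illustration.

```c
/* Added illustration; not Exim source. Prefixes are constructed sample values. */
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* Admin-editable part: plain directory prefixes (hypothetical values). */
static const char *trusted_prefixes[] = { "/etc/exim/", "/usr/local/etc/exim/", NULL };

/* Default reject globs from the thread: hidden files and editor/backup leftovers. */
static const char *reject_globs[] = { ".*", "#*", "*#", "*~", "*.tmp", NULL };

/* Returns 1 if path may be used as a trusted config file, 0 otherwise. */
int config_path_trusted(const char *path)
{
    const char *base;
    size_t i;
    int prefix_ok = 0;

    if (path == NULL || path[0] != '/')
        return 0;                       /* absolute paths only */
    if (strstr(path, "/../") != NULL)
        return 0;                       /* assumption: no leaving the prefix via ".." */

    for (i = 0; trusted_prefixes[i] != NULL; i++) {
        if (strncmp(path, trusted_prefixes[i], strlen(trusted_prefixes[i])) == 0) {
            prefix_ok = 1;
            break;
        }
    }
    if (!prefix_ok)
        return 0;

    base = strrchr(path, '/') + 1;      /* path starts with '/', so never NULL */
    if (*base == '\0')
        return 0;                       /* names a directory, not a file */

    for (i = 0; reject_globs[i] != NULL; i++)
        if (fnmatch(reject_globs[i], base, 0) == 0)
            return 0;                   /* stale copy such as exim.conf~ */
    return 1;
}

int main(void)
{
    const char *samples[] = { "/etc/exim/exim.conf", "/etc/exim/exim.conf~",
                              "/etc/exim/.exim.conf.swp", "/tmp/exim.conf", NULL };
    for (size_t i = 0; samples[i] != NULL; i++)
        printf("%-28s %s\n", samples[i], config_path_trusted(samples[i]) ? "accept" : "reject");
    return 0;
}
```

Keeping the two arrays separate means a site can change the prefixes without touching the reject patterns.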