Re: [exim-dev] Candidate patches for privilege escalation

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Andreas Metzler
Fecha:  
A: exim-dev
Asunto: Re: [exim-dev] Candidate patches for privilege escalation
On 2010-12-15 David Woodhouse <dwmw2@???> wrote:
[...]
> Well, if we turn the 'trusted configs' file into a list of regexes,
> people would still be able to just treat it as a list of filenames.

[...]

Not with the correct results, unless the pattern needs to match the
whole expression.

ametzler@argenau:~$ /usr/sbin/exim4 -be '${if match {/tmp/etc/exim4/trusted}{/etc/exim4/trusted}{yes}{no}}'
yes

cu andreas