Re: [exim-dev] Candidate patches for privilege escalation

Top Page

Reply to this message
Author: David Woodhouse
To: Andreas Metzler
CC: exim-dev
Subject: Re: [exim-dev] Candidate patches for privilege escalation
On Thu, 2010-12-16 at 18:53 +0000, David Woodhouse wrote:
> On Thu, 2010-12-16 at 19:04 +0100, Andreas Metzler wrote:
> >
> > Not with the correct results, unless the pattern needs to match the
> > whole expression.
> >
> > ametzler@argenau:~$ /usr/sbin/exim4 -be '${if match
> > {/tmp/etc/exim4/trusted}{/etc/exim4/trusted}{yes}{no}}'
> > yes
> Yeah, I came to that conclusion last night when I was trying to
> implement it. Perhaps lines starting with a / should be a straight
> string comparison, and lines starting with ^ should be a regex?

Screw it, let's forget the prefix and regex options. The
TRUSTED_CONFIG_LIST can just be a list of simple filenames. Must be a
*precise* match to be honoured as root. Why do anything more?