Re: [exim-dev] Candidate patches for privilege escalation

Top Page

Reply to this message
Author: Ted Cooper
Date:  
To: exim-dev
Subject: Re: [exim-dev] Candidate patches for privilege escalation
On 17/12/10 06:25, David Woodhouse wrote:
> On Thu, 2010-12-16 at 18:53 +0000, David Woodhouse wrote:
>> On Thu, 2010-12-16 at 19:04 +0100, Andreas Metzler wrote:
>>>
>>> Not with the correct results, unless the pattern needs to match the
>>> whole expression.
>>>
>>> ametzler@argenau:~$ /usr/sbin/exim4 -be '${if match
>>> {/tmp/etc/exim4/trusted}{/etc/exim4/trusted}{yes}{no}}'
>>> yes
>>
>> Yeah, I came to that conclusion last night when I was trying to
>> implement it. Perhaps lines starting with a / should be a straight
>> string comparison, and lines starting with ^ should be a regex?
>
> Screw it, let's forget the prefix and regex options. The
> TRUSTED_CONFIG_LIST can just be a list of simple filenames. Must be a
> *precise* match to be honoured as root. Why do anything more?


I liked the prefix list for not having to list every file if they were
all kept somewhere sane like /etc/exim . Am I confusing this with
ALT_CONFIG_PREFIX ?