Re: [exim-dev] Candidate patches for privilege escalation
|This message is part of the following thread:|
|the complete thread tree sorted by date|
|Andreas Metzler at|
|Andreas Metzler at|
--- doc/doc-docbook/spec.xfpt | 10 ++++++---- doc/doc-txt/IncompatibleChanges | 4 ++-- doc/doc-txt/NewStuff | 6 +++--- 3 files changed, 11 insertions(+), 9 deletions(-)
Leaving TRUSTED_CONFIG_LIST unset precludes the possibility of testing a configuration using &%-C%& right through message reception and delivery, diff --git a/doc/doc-txt/IncompatibleChanges b/doc/doc-txt/IncompatibleChanges index 50bf186..2d3394b 100644 --- a/doc/doc-txt/IncompatibleChanges +++ b/doc/doc-txt/IncompatibleChanges @@ -40,8 +40,8 @@ Exim version 4.73 Two new build options mitigate this.
* TRUSTED_CONFIG_LIST defines a file containing a whitelist of config - files that are trusted to be selected by the Exim user; this is the - recommended approach going forward. + files that are trusted to be selected by the Exim user; one per line. + This is the recommended approach going forward.
* WHITELIST_D_MACROS defines a colon-separated list of macro names which the Exim run-time user may safely pass without dropping privileges. diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index a732d9b..f668ae1 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -103,9 +103,9 @@ Version 4.73 12. [POSSIBLE CONFIG BREAKAGE] ALT_CONFIG_ROOT_ONLY is no longer optional and is forced on. This is mitigated by the new build option TRUSTED_CONFIG_LIST which defines a list of configuration files which - are trusted; if a config file is owned by root and matches a pathname in - the list, then it may be invoked by the Exim build-time user without Exim - relinquishing root privileges. + are trusted; one per line. If a config file is owned by root and matches + a pathname in the list, then it may be invoked by the Exim build-time + user without Exim relinquishing root privileges.
13. [POSSIBLE CONFIG BREAKAGE] The Exim user is no longer automatically trusted to supply -D<Macro[=Value]> overrides on the command-line. Going -- 220.127.116.11
|This message was posted to the following mailing lists:|
Mailing List Info | Nearby Messages
|[exim-dev] Exim 4.73 release process & this year's meet-up||Re: [exim-dev] Exim 4.73 release process & this year's meet-up|
|Tahini and Hummus Development Archives administrated by Hummus Admins||Lurker (version 2.3)|