Re: [exim] Alternative to the -D option

On 2011-10-10 at 16:39 +1000, Russell Stuart wrote:
> I gather from the exim's man page that -D option is now frowned upon.
> In fact if I read it correctly it doesn't work at all unless I do a
> custom compile setting WHITELIST_D_MACROS. So what is preferred
> mechanism for giving exim information? Is there another command line
> switch, or is there some way to extract it from the environment?

Build Exim with TRUSTED_CONFIG_LIST defined; that points to a file
listing the paths of defined-by-admin-to-be-safe config files.

Use another config file which sets a couple of macros and then
.include's the real config file, and then reference this new config file
in the trusted list.

That way, the precise set of available macros is locked down to files
controlled/owned by root, or the configure owner (which should _not_
include the Exim run-time user).

Sorry, the old freedom made it far too easy to escalate privileges from
the Exim run-time user to root (unless you built Exim as setuid to a
dedicated user instead of root, per some of the pointers in "52.
Security considerations").

-Phil