[exim-dev] Security considerations: use_shell

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Phil Pennock
Ημερομηνία:  
Προς: exim-dev
Αντικείμενο: [exim-dev] Security considerations: use_shell
I've pushed commit 5336c0d adding a new section to the Security
Considerations chapter of The Exim Specification.

There's probably more we can add here.

Context:
https://www.redteam-pentesting.de/de/advisories/rt-sa-2013-001/-exim-with-dovecot-typical-misconfiguration-leads-to-remote-command-execution

People keep using use_shell and our warnings are perhaps not strong
enough as they stand. Adding them into the security considerations
chapter might provide for better review, with security teams talking to
postmasters to find workable balances in the use of features called out
as dangerous.

-Phil