------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=1454
--- Comment #4 from Todd Lyons <tlyons@???> 2014-04-24 15:13:34 ---
Can you see if the patch still works with this small change:
- else if (Ustrcmp(argrest, "Mm") == 0) message_reference = argv[++i];
+ else if (Ustrcmp(argrest, "Mm") == 0)
+ {
+ if (trusted_config && mac_ismsgid(argv[i+1]) )
+ message_reference = argv[++i];
+ else
+ DEBUG(D_any) debug_printf("-oMm must be a valid message ID, called
by a trusted user/config\n");
+ }
I don't like arbitrarily being able to set a value that could be used to log
erroneous or misleading message id's. The way you are using it is fine, but
any local account being able to specify a message-id could produce falsified
audit logs, and we really need to prevent that. You essentially want -E but
without the error condition being set, so the feature needs a bit extra
protection.
--
Configure bugmail:
http://bugs.exim.org/userprefs.cgi?tab=email
