https://bugs.exim.org/show_bug.cgi?id=1805
Bug ID: 1805
Summary: Recent Exim CVE mitigation breaks customer ability to determine where mail was sent from.
Product: Exim
Version: 4.86
Hardware: x86
OS: All
Status: NEW
Severity: bug
Priority: medium
Component: Logging
Assignee: nigel@???
Reporter: toddr@???
CC: exim-dev@???
It turns out that checking cwd=XXX was a popular heuristic for identifying the
source of malware sending email. There are many blogs and forums on the
internet recommending to customers that they do this.
Now that exim.c changes directory to / on startup, the code that comes right
after it, which emits what the startup directory was, now always emits /.
The output would look something like this:
2016-03-04 11:46:22 cwd=/root 9 args: /usr/sbin/sendmail -FCronDaemon -i -odi -oem -oi -t -f root
Now it looks like this:
2016-03-04 11:46:22 cwd=/ 9 args: /usr/sbin/sendmail -FCronDaemon -i -odi -oem -oi -t -f root
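The cwd heuristic the report refers to, as an added example (not Exim's code and not from the reporter): it parses the "cwd=<dir> <n> args: ..." line that Exim writes at startup when the arguments log selector is enabled, applies a directory-based verdict to the cwd field, and shows why a mitigated Exim that always reports cwd=/ leaves the heuristic with nothing to work on. The list of suspicious directory patterns, the web document root check, and the sample log lines beyond the two quoted in the report are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple, Optional

# Added example, not Exim's own code: parse the "cwd=<dir> <n> args: ..." line
# written by Exim's "arguments" log selector and apply the cwd heuristic the
# report describes. The suspicious-directory patterns are an assumption.
CWD_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"cwd=(?P<cwd>\S+) (?P<argc>\d+) args: (?P<args>.*)$"
)


class Startup(NamedTuple):
    timestamp: str
    cwd: str
    argv: List[str]


def parse_cwd_line(line: str) -> Optional[Startup]:
    """Return the parsed startup record, or None if the line is not a cwd= line
    or the logged argument count disagrees with the tokens actually present."""
    m = CWD_LINE.match(line.strip())
    if not m:
        return None
    argv = m.group("args").split()
    if len(argv) != int(m.group("argc")):
        return None  # wrapped or truncated line: do not trust a partial argv
    return Startup(m.group("ts"), m.group("cwd"), argv)


# Assumed heuristic: submissions started from world-writable scratch
# directories or from a web document root deserve a second look.
SUSPICIOUS_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/")


def classify_cwd(cwd: str) -> str:
    """'unknown' when cwd is '/', which is all a mitigated Exim reports;
    'suspicious' for the assumed directory patterns; otherwise 'normal'."""
    if cwd == "/":
        return "unknown"
    path = cwd.rstrip("/") + "/"
    if path.startswith(SUSPICIOUS_PREFIXES) or "/public_html/" in path:
        return "suspicious"
    return "normal"


def triage(lines: List[str]) -> List[dict]:
    """Run the heuristic over main-log lines; non-cwd lines are skipped."""
    out = []
    for line in lines:
        rec = parse_cwd_line(line)
        if rec is None:
            continue
        out.append({
            "timestamp": rec.timestamp,
            "cwd": rec.cwd,
            "verdict": classify_cwd(rec.cwd),
            "command": rec.argv[0] if rec.argv else "",
        })
    return out


# Constructed sample: the two lines quoted in the report, an assumed
# suspicious submission from /tmp, and an unrelated log line to be ignored.
SAMPLE_LOG = [
    "2016-03-04 11:46:22 cwd=/root 9 args: /usr/sbin/sendmail -FCronDaemon -i -odi -oem -oi -t -f root",
    "2016-03-04 11:46:22 cwd=/ 9 args: /usr/sbin/sendmail -FCronDaemon -i -odi -oem -oi -t -f root",
    "2016-03-04 11:47:01 cwd=/tmp/.x 3 args: /usr/sbin/sendmail -t -i",
    "2016-03-04 11:47:02 1adfgh-000123-4x <= root@localhost U=root P=local S=312",
]

if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(r["timestamp"], r["verdict"], r["cwd"], r["command"])
```

Run against a real main log, the only useful output from a mitigated Exim is the argv, since every startup record carries cwd=/ and is classified "unknown"; that is the loss of information the report is about.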