Re: [exim] Security release for CVE-2016-1531: 4.84.2, 4.85.…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Cyborg
Datum:  
To: exim-users
Betreff: Re: [exim] Security release for CVE-2016-1531: 4.84.2, 4.85.2, 4.86.2, 4.87 RC5
Am 09.03.2016 um 14:18 schrieb Andreas M. Kirchwitz:
> If I may ask, what was the reason to clear the environment in the
> first place? It's a significant change, so I guess certain environment
> settings imposed serious problems. I'm a little scared now that I add
> exactly those variables to keep_environment which should be avoided at
> all costs. Greetings, Andreas


bash ( USER ) -> ENV LIBPATH=mydirectoryilike exim <options to load
your config> -> now your ROOT because exim is -> calls perlwrapper ->
perl load your lib from your directory -> your code in the lib gets
executed as root.

The question is, who stops the attacker from loading a config he likes
directly into exim WITH the new vars set ?

Marius