Author: Cyborg
Date:
To: exim-users
Subject: Re: [exim] Security release for CVE-2016-1531: 4.84.2, 4.85.2, 4.86.2, 4.87 RC5

On 09.03.2016 at 14:18, Andreas M. Kirchwitz wrote:
> If I may ask, what was the reason to clear the environment in the
> first place? It's a significant change, so I guess certain environment
> settings imposed serious problems. I'm a little scared now that I add
> exactly those variables to keep_environment which should be avoided at
> all costs.
>
> Greetings, Andreas

bash ( USER ) -> ENV LIBPATH=mydirectoryilike exim <options to load
your config> -> now you're ROOT because exim is -> calls perlwrapper ->
perl loads your lib from your directory -> your code in the lib gets
executed as root.

The question is, who stops the attacker from loading a config he likes
directly into exim WITH the new vars set?
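
The mitigation under discussion (clear the inherited environment, then re-admit only named variables) sketched in C as an added example; it is not Exim's code and not part of the original mail. The allowlist `KEEP`, the fixed `PATH` value, the function names and the sample environment are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allowlist, standing in for a keep_environment setting. */
static const char *const KEEP[] = { "TZ", "LANG", NULL };
static char SAFE_PATH[] = "PATH=/usr/bin:/bin";   /* fixed, never inherited */

/* First "NAME=value" entry whose NAME is exactly `name`, or NULL.
   The '=' check stops LANG from matching LANGUAGE. */
char *env_find(char *const env[], const char *name)
{
    size_t n = strlen(name);
    for (size_t i = 0; env[i] != NULL; i++)
        if (strncmp(env[i], name, n) == 0 && env[i][n] == '=')
            return env[i];
    return NULL;
}

/* Build the environment for a privileged child: the fixed PATH plus the
   first occurrence of each allowlisted name. Everything else, such as the
   LIBPATH from the mail above, is dropped. Returns NULL on allocation failure. */
char **scrub_env(char *const envp[])
{
    size_t nkeep = sizeof KEEP / sizeof KEEP[0] - 1, k = 0;
    char **out = calloc(nkeep + 2, sizeof *out);
    if (out == NULL)
        return NULL;
    out[k++] = SAFE_PATH;
    for (size_t i = 0; i < nkeep; i++) {
        char *entry = env_find(envp, KEEP[i]);   /* duplicates: first wins */
        if (entry != NULL)
            out[k++] = entry;
    }
    out[k] = NULL;
    return out;   /* pass to execve() instead of the inherited environ */
}

int main(void)
{
    /* Constructed sample environment, as an unprivileged caller could set it. */
    char *env[] = { "LIBPATH=/tmp/constructed", "TZ=UTC", "TZ=other", NULL };
    char **clean = scrub_env(env);
    for (size_t i = 0; clean != NULL && clean[i] != NULL; i++)
        puts(clean[i]);
    free(clean);
    return 0;
}
```

The scrubbing only helps if it runs before any configuration or interpreter is loaded; it does not by itself settle the question raised above about who may choose the config file.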