Re: [exim] Security release for CVE-2016-1531: 4.84.2, 4.85.…

Top Page
Delete this message
Reply to this message
Author: Heiko Schlittermann
Date:  
To: Andreas M. Kirchwitz
CC: exim-users
Subject: Re: [exim] Security release for CVE-2016-1531: 4.84.2, 4.85.2, 4.86.2, 4.87 RC5
Andreas M. Kirchwitz <amk@???> (Mi 09 Mär 2016 14:18:55 CET):

> If I may ask, what was the reason to clear the environment
> in the first place? It's a significant change, so I guess
> certain environment settings imposed serious problems.


Right.

> I'm a little scared now that I add exactly those variables
> to keep_environment which should be avoided at all costs.


If you only add thouse variables you really need AND if you know the
impact they could have to the behaviour of Exim itself or its libraries
or forked subprocesses, you're save. To be even more save, you may let
keep_environment untouched (empty list) and add the variables and values
you need with add_environment.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -