On Mon, 2016-04-18 at 11:37 +0100, Jeremy Harris wrote:
> On 18/04/16 01:47, Always Learning wrote:
> > I'll add 'PATH' to the keep_environment parameter.
> Don't just blindly do it; assess your needs and only
> keep what you need. It's a vulnerability attack
> surface.

'PATH' was someone else's helpful suggestion :-)

(1) I don't understand the purpose of keep_environment. Is it a
collection of directory/file strings (separated by colons or
semi-colons?) that Exim uses for launching or calling routines or other
programmes?

If so, how will that prevent an unauthorised person gaining system
access?

(2) My Exim is in /usr/sbin/exim and it calls, to my knowledge and
belief, nothing other than its own Exim routines. It does
use /var/spool/exim/ and /var/log/exim/ but neither have executables
(binaries or text files marked executable).

Is the illuminating wisdom now in the Exim documentation?

Thanks Jeremy.
--
Regards,
Paul.
England, EU. England's place is in the European Union.