Re: [exim] Exim 4.84_2 #1 : WARNING: purging the environment…

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Ian Zimmerman
日付:  
To: exim-users
題目: Re: [exim] Exim 4.84_2 #1 : WARNING: purging the environment.
On 2016-04-18 21:48 +0100, Always Learning wrote:

> (1) I don't understand the purpose of keep_environment.


[...]

> If so, how will that prevent an unauthorised person gaining system
> access ?


It has been possible for a long time (always?) to build Exim such in way
as to include its own Perl engine [1], which is then available to
magically transform your configuration. The vulnerability, AFAIK, comes
from the fact that the environment settings are available to the Perl
engine, which could do essentially anything (with the identity of the
Exim process, which means at least initially root).

If your Exim build doesn't include the Perl engine, you are not
vulnerable; but the fix is included anyway :-P

> (2) My Exim is in /usr/sbin/exim and it calls, to my knowledge and
> belief, nothing other than its own Exim routines. It does use
> /var/spool/exim/ and /var/log/exim/ but neither have executables
> (binaries or text files marked executable).


On a Unix like system many programs will send machine-generated email.
They do that, behind the covers, by executing /usr/sbin/sendmail (or
maybe /usr/lib/sendmail or something similar). That name is always, in
a "factory" configuration, a symbolic link to the mail transport agent
[MTA] in use, in your case Exim.

In fact, many interactive mail clients (like mailx or mutt) work the
same way by default when sending email, although some can be configured
to connect to the SMTP socket of the MTA daemon.

What other up-thread meant was that you are safe if instead you make your
own wrapper /usr/sbin/sendmail program which discards or cleans up the
environment itself, and then calls Exim. You'd _also_ need to remove
any setuid or setgid [2] permission bits that the Exim binary has on
your system.

[1] hoping that you know what Perl is

[2] ditto for setuid/setgid

--
Please *no* private copies of mailing list or newsgroup messages.
Rule 420: All persons more than eight miles high to leave the court.