On 2011-01-06 Jan Wagner <waja@cyconet.org> wrote: > Hi Andreas, > On Thursday, 6. January 2011, Andreas Metzler wrote: > > Changes: > > exim4 (4.72-3~bpo50+1) lenny-backports; urgency=low > > . > > * Rebuild for lenny-backports. > could you be so kind to provide a changelog back to you last upload > to bpo? [...] thanks for the pointer, there you are: ------------------------------------------------------------------------- * [README.Debian*] Correct command for manual paniclog rotation. (Thanks, Jörg Sommer) Closes: #602188 * 67_unnecessaryCopt.diff: Do not use exim's -C option in utility scripts. This would not work with ALT_CONFIG_PREFIX. * Pull changes related to fixing CVE-2010-4345 from exim 4.73 rc1. Closes: #606527 + 1_cfile_norw_eximuid: Don't allow a configure file which is writeable by the Exim user or group. + 2_permcheck_configurefile: Check configure file permissions even for non-default files if still privileged. + 3_remove_ALT_CONFIG_ROOT_ONLY: Remove ALT_CONFIG_ROOT_ONLY build option, effectively making it always true. + 4_FD_CLOEXEC: Set FD_CLOEXEC on SMTP sockets after forking in the daemon, to ensure that rogue child processes cannot use them. + 5_TRUSTED_CONFIG_LIST: Add TRUSTED_CONFIG_LIST compile option. + 6_nonroot_system_filter_user: If the system filter needs to be run as root, let that be explicitly configured. The default is now the Exim run-time user. + 7_filter_D_option: Add a (compiletime) whitelist of acceptable values for the -D option. + 8_updatedocumentation: Update documentation to reflect the changes. * Build with WHITELIST_D_MACROS=OUTGOING. Post patch 7_filter_D_option exim will not regain root privileges (usually necessary for local delivery) if the -D option was used. Macro identifiers listed in WHITELIST_D_MACROS are exempted from this restriction. mailscanner (4.79.11-2.2) uses -DOUTGOING. * Build with TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. Post patch 3_remove_ALT_CONFIG_ROOT_ONLY exim will not re-gain root privileges (usually necessary for local delivery) if the -C option was used. This makes it impossible to start a fully functional damon with an alternate configuration file. /etc/exim4/trusted_configs (can) contain a list of filenames (one per line, full path given) to which this restriction does not apply. ------------------------------------------------------------------------- The NEWS entry might also be of interest: ------------------------------------------------------------------------- Exim versions up to and including 4.72 are vulnerable to CVE-2010-4345. This is a privilege escalation issue that allows the exim user to gain root privileges by specifying an alternate configuration file using the -C option. The macro override facility (-D) might also be misused for this purpose. In reaction to this security vulnerability upstream has made a number of user visible changes. This package includes these changes. --------------------------------------------------------- If exim is invoked with the -C or -D option the daemon will not regain root privileges though re-execution. This is usually necessary for local delivery, though. Therefore it is generally not possible anymore to run an exim daemon with -D or -C options. However this version of exim has been built with TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. TRUSTED_CONFIG_LIST defines a list of configuration files which are trusted; if a config file is owned by root and matches a pathname in the list, then it may be invoked by the Exim build-time user without Exim relinquishing root privileges. As a hotfix to not break existing installations of mailscanner we have also set WHITELIST_D_MACROS=OUTGOING. i.e. it is still possible to start exim with -DOUTGOING while being able to do local deliveries. If you previously were using -D switches you will need to change your setup to use a separate configuration file. The ".include" mechanism makes this easy. --------------------------------------------------------- The system filter is run as exim_user instead of root by default. If your setup requies root privileges when running the system filter you will need to set the system_filter_user exim main configuration option. --------------------------------------------------------- ------------------------------------------------------------------------- cu andreas
Attachment:
signature.asc
Description: Digital signature