On 2011-01-06 Jan Wagner <waja@cyconet.org> wrote:
> Hi Andreas,
> On Thursday, 6. January 2011, Andreas Metzler wrote:
> > Changes:
> > exim4 (4.72-3~bpo50+1) lenny-backports; urgency=low
> > .
> > * Rebuild for lenny-backports.
> could you be so kind to provide a changelog back to you last upload
> to bpo?
[...]
thanks for the pointer, there you are:
-------------------------------------------------------------------------
* [README.Debian*] Correct command for manual paniclog rotation. (Thanks,
Jörg Sommer) Closes: #602188
* 67_unnecessaryCopt.diff: Do not use exim's -C option in utility scripts.
This would not work with ALT_CONFIG_PREFIX.
* Pull changes related to fixing CVE-2010-4345 from exim 4.73 rc1.
Closes: #606527
+ 1_cfile_norw_eximuid: Don't allow a configure file which is writeable by
the Exim user or group.
+ 2_permcheck_configurefile: Check configure file permissions even for
non-default files if still privileged.
+ 3_remove_ALT_CONFIG_ROOT_ONLY: Remove ALT_CONFIG_ROOT_ONLY build option,
effectively making it always true.
+ 4_FD_CLOEXEC: Set FD_CLOEXEC on SMTP sockets after forking in the
daemon, to ensure that rogue child processes cannot use them.
+ 5_TRUSTED_CONFIG_LIST: Add TRUSTED_CONFIG_LIST compile option.
+ 6_nonroot_system_filter_user: If the system filter needs to be run as
root, let that be explicitly configured. The default is now the Exim
run-time user.
+ 7_filter_D_option: Add a (compiletime) whitelist of acceptable values
for the -D option.
+ 8_updatedocumentation: Update documentation to reflect the changes.
* Build with WHITELIST_D_MACROS=OUTGOING. Post patch 7_filter_D_option exim
will not regain root privileges (usually necessary for local delivery) if
the -D option was used. Macro identifiers listed in WHITELIST_D_MACROS are
exempted from this restriction. mailscanner (4.79.11-2.2) uses -DOUTGOING.
* Build with TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. Post patch
3_remove_ALT_CONFIG_ROOT_ONLY exim will not re-gain root privileges
(usually necessary for local delivery) if the -C option was used. This
makes it impossible to start a fully functional damon with an alternate
configuration file. /etc/exim4/trusted_configs (can) contain a list of
filenames (one per line, full path given) to which this restriction does
not apply.
-------------------------------------------------------------------------
The NEWS entry might also be of interest:
-------------------------------------------------------------------------
Exim versions up to and including 4.72 are vulnerable to CVE-2010-4345.
This is a privilege escalation issue that allows the exim user to gain
root privileges by specifying an alternate configuration file using the -C
option. The macro override facility (-D) might also be misused for this
purpose.
In reaction to this security vulnerability upstream has made a number of
user visible changes. This package includes these changes.
---------------------------------------------------------
If exim is invoked with the -C or -D option the daemon will not regain
root privileges though re-execution. This is usually necessary for local
delivery, though. Therefore it is generally not possible anymore to run an
exim daemon with -D or -C options.
However this version of exim has been built with
TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. TRUSTED_CONFIG_LIST
defines a list of configuration files which are trusted; if a config file
is owned by root and matches a pathname in the list, then it may be
invoked by the Exim build-time user without Exim relinquishing root
privileges.
As a hotfix to not break existing installations of mailscanner we have
also set WHITELIST_D_MACROS=OUTGOING. i.e. it is still possible to start
exim with -DOUTGOING while being able to do local deliveries.
If you previously were using -D switches you will need to change your
setup to use a separate configuration file. The ".include" mechanism
makes this easy.
---------------------------------------------------------
The system filter is run as exim_user instead of root by default. If your
setup requies root privileges when running the system filter you will
need to set the system_filter_user exim main configuration option.
---------------------------------------------------------
-------------------------------------------------------------------------
cu andreas
Attachment:
signature.asc
Description: Digital signature