Re: exim-using packages - are you relying on -C or -D options?

[Peter Samuelson <peter@p12n.org>]

[Stephen Gran]
> Currently exim will accept -C to any file in any location.  This
> makes it trivial for an attacker to escalate from exim to root by
> making any expansion in the config file run code as a privileged
> user.  The current alternative is to make exim refuse to execute if
> the config file is not in a build-time configured directory.

...Or just fstat() the file after you open it, to make sure it's owned
by root:root, and !(mode & 002) ?  I mean, is there a legitimate case
where this wouldn't be true?

-- 
Peter Samuelson | org-tld!p12n!peter | http://p12n.org/