[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: exim-using packages - are you relying on -C or -D options?

Den 14. des. 2010 12:21, skrev Peter Samuelson:
[Stephen Gran]
Currently exim will accept -C to any file in any location.  This
makes it trivial for an attacker to escalate from exim to root by
making any expansion in the config file run code as a privileged
user.  The current alternative is to make exim refuse to execute if
the config file is not in a build-time configured directory.
...Or just fstat() the file after you open it, to make sure it's owned
by root:root, and !(mode&  002) ?  I mean, is there a legitimate case
where this wouldn't be true?

If you do that please log an error when failing. Scratched my head a few times over such security-measures. I know, "my bad" but still ...

Håkon Alstadheim / N-7510 Skatval / email:hakon@alstadheim.priv.no
tlf: 74 82 60 27 mob: 47 35 39 38
spamtrap: finnesikke@alstadheim.priv.no -- 1 hit&  you are out

Reply to: