Re: exim-using packages - are you relying on -C or -D options?

To: debian-devel@lists.debian.org
Subject: Re: exim-using packages - are you relying on -C or -D options?
From: Håkon Alstadheim <hakon@alstadheim.priv.no>
Date: Tue, 14 Dec 2010 12:28:50 +0100
Message-id: <[🔎] 4D0754F2.2080901@alstadheim.priv.no>
In-reply-to: <[🔎] 20101214112153.GE13651@p12n.org>
References: <[🔎] 20101212145053.GF2099@downhill.g.la> <[🔎] 19717.16407.784422.915704@chiark.greenend.org.uk> <[🔎] 20101213074540.GA13008@varinia.lobefin.net> <[🔎] 19718.3565.160216.465112@chiark.greenend.org.uk> <[🔎] 20101214105319.GA17541@varinia.lobefin.net> <[🔎] 20101214112153.GE13651@p12n.org>

Den 14. des. 2010 12:21, skrev Peter Samuelson:

[Stephen Gran]

Currently exim will accept -C to any file in any location.  This
makes it trivial for an attacker to escalate from exim to root by
making any expansion in the config file run code as a privileged
user.  The current alternative is to make exim refuse to execute if
the config file is not in a build-time configured directory.

...Or just fstat() the file after you open it, to make sure it's owned
by root:root, and !(mode&  002) ?  I mean, is there a legitimate case
where this wouldn't be true?

If you do that please log an error when failing. Scratched my head a fewtimes over such security-measures. I know, "my bad" but still ...


--
Håkon Alstadheim / N-7510 Skatval / email:hakon@alstadheim.priv.no
tlf: 74 82 60 27 mob: 47 35 39 38
http://alstadheim.priv.no/hakon/
spamtrap: finnesikke@alstadheim.priv.no -- 1 hit&  you are out

Reply to:

References:
- exim-using packages - are you relying on -C or -D options?
  - From: Andreas Metzler <ametzler@downhill.at.eu.org>
- Re: exim-using packages - are you relying on -C or -D options?
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: exim-using packages - are you relying on -C or -D options?
  - From: Stephen Gran <sgran@debian.org>
- Re: exim-using packages - are you relying on -C or -D options?
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: exim-using packages - are you relying on -C or -D options?
  - From: Stephen Gran <sgran@debian.org>
- Re: exim-using packages - are you relying on -C or -D options?
  - From: Peter Samuelson <peter@p12n.org>

Prev by Date: Re: exim-using packages - are you relying on -C or -D options?
Next by Date: Anybody else having problems w/ DNSSEC and ftp.debian.org?
Previous by thread: Re: exim-using packages - are you relying on -C or -D options?
Next by thread: Re: exim-using packages - are you relying on -C or -D options?
Index(es):
- Date
- Thread