Re: exim-using packages - are you relying on -C or -D options?

[Ian Jackson <ijackson@chiark.greenend.org.uk>]

Stephen Gran writes ("Re: exim-using packages - are you relying on -C or -D options?"):
> This one time, at band camp, Ian Jackson said:
> > Are you saying the current exim4 package in lenny-security already has
> > the disability you are discussing ?
> 
> AIUI, no, not yet.  Currently exim will accept -C to any file in any
> location.  This makes it trivial for an attacker to escalate from exim
> to root by making any expansion in the config file run code as a
> privileged user.

Ah, yes, I see.

>  The current alternative is to make exim refuse to
> execute if the config file is not in a build-time configured directory.
> This is what is being proposed, and if all your other config files are in
> the same place, it sounds like this won't cause a problem for you.

Right, I think it will be OK for me.

Will it follow symlinks ?  If so then the problem isn't that sever.

> The patch I'm talking about allows execution outside of the configured
> directory, but without escalated privileges.  This would be more
> flexible for users testing things, but it doesn't sound like it's
> relevant at the moment for your needs.

Indeed.

Thanks,
Ian.