Re: exim-using packages - are you relying on -C or -D options?

To: debian-devel@lists.debian.org
Subject: Re: exim-using packages - are you relying on -C or -D options?
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Tue, 14 Dec 2010 13:43:30 +0000
Message-id: <[🔎] 19719.29826.448522.385227@chiark.greenend.org.uk>
In-reply-to: <[🔎] 20101214112153.GE13651@p12n.org>
References: <[🔎] 20101212145053.GF2099@downhill.g.la> <[🔎] 19717.16407.784422.915704@chiark.greenend.org.uk> <[🔎] 20101213074540.GA13008@varinia.lobefin.net> <[🔎] 19718.3565.160216.465112@chiark.greenend.org.uk> <[🔎] 20101214105319.GA17541@varinia.lobefin.net> <[🔎] 20101214112153.GE13651@p12n.org>

Peter Samuelson writes ("Re: exim-using packages - are you relying on -C or -D options?"):
> [Stephen Gran]
> > Currently exim will accept -C to any file in any location.  This
> > makes it trivial for an attacker to escalate from exim to root by
> > making any expansion in the config file run code as a privileged
> > user.  The current alternative is to make exim refuse to execute if
> > the config file is not in a build-time configured directory.
> 
> ...Or just fstat() the file after you open it, to make sure it's owned
> by root:root, and !(mode & 002) ?  I mean, is there a legitimate case
> where this wouldn't be true?

Whenever anyone suggests something like this you can be pretty sure
they're doing it wrong.  This is no exception.

Ownership of a file does not imply endorsement of its contents.  If
you wanted to endorse the contents of a file you would have to put it
in a special location, or perhaps set a set-id bit.

Ian.

Reply to:

References:
- exim-using packages - are you relying on -C or -D options?
  - From: Andreas Metzler <ametzler@downhill.at.eu.org>
- Re: exim-using packages - are you relying on -C or -D options?
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: exim-using packages - are you relying on -C or -D options?
  - From: Stephen Gran <sgran@debian.org>
- Re: exim-using packages - are you relying on -C or -D options?
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: exim-using packages - are you relying on -C or -D options?
  - From: Stephen Gran <sgran@debian.org>
- Re: exim-using packages - are you relying on -C or -D options?
  - From: Peter Samuelson <peter@p12n.org>

Prev by Date: Re: exim-using packages - are you relying on -C or -D options?
Next by Date: Re: Anybody else having problems w/ DNSSEC and ftp.debian.org?
Previous by thread: Re: exim-using packages - are you relying on -C or -D options?
Next by thread: Re: exim-using packages - are you relying on -C or -D options?
Index(es):
- Date
- Thread