Re: exim-using packages - are you relying on -C or -D options?
Stephen Gran writes ("Re: exim-using packages - are you relying on -C or -D options?"):
> It doesn't appear to care about symlinks, from a quick read of exim.c.
> It seems that so long as the directory name for the file passed to it
> matches the configured directory name, it's happy. I would test this
> rather than relying on my 5 minute guess about which is the right chunk
> of code to read, though :)
Right. It should probably also refuse to read filenames matching
.* #* *# *~ *.tmp at the very least.
You wouldn't want to edit your exim.conf to get rid of a security
problem and find that the attacker could just tell it to use the old
file !
Ian.
Reply to: