[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: exim-using packages - are you relying on -C or -D options?

Stephen Gran writes ("Re: exim-using packages - are you relying on -C or -D options?"):
> It doesn't appear to care about symlinks, from a quick read of exim.c.
> It seems that so long as the directory name for the file passed to it
> matches the configured directory name, it's happy.  I would test this
> rather than relying on my 5 minute guess about which is the right chunk
> of code to read, though :)

Right.  It should probably also refuse to read filenames matching
.* #* *# *~ *.tmp at the very least.  

You wouldn't want to edit your exim.conf to get rid of a security
problem and find that the attacker could just tell it to use the old
file !


Reply to: