Hi Listreaders, I just found exim's(3) config file in woody is installed with 0644 file permission by default. This might be okay for standard-installation, but might that not rise a security bug as soon, as you use either - client side authentification and have to insert the password there somewhere? - an other backend as /etc/passwd or simmilar? For example getting eMail-adresses from ldap or any other database needs some password to connect to it. Might it be not more secure installing /etc/exim/exim.conf 0640 with root:mail file-permission? I am not shure about that, so i did not open a bug at the BTS yet. Please give me advice. -- Regards, | Debian GNU / / _ _ _ _ _ __ __ . | / /__ / / / \// //_// \ \/ / Martin Helas | /____/ /_/ /_/\/ /___/ /_/\_\ mailto:mhelas@helas.net | because reboots are for hardware upgrades. PGP-Fingerprint: 1474 4CAC EF5C ECFA E29E 2CB1 7929 AB90 F7AC 3AF
Attachment:
signature.asc
Description: Digital signature