Package: exim4-config
X-Debbugs-Cc: [email protected]
Version: 4.98.2-1
Severity: wishlist

update-exim4.conf generates a world-readable file by default. It is possible to overlook the CFILEMODE parameter in update-exim4.conf.conf. It is especially a problem as these permissions are reapplied on exim restart, even if they were modified with chmod. As an additional protection layer (to avoid leaking LDAP or database passwords), I suggest displaying a warning when a file inside /etc/exim/conf.d/ has stricter read permissions than CFILEMODE.
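
One way to implement the check proposed above, as an added example that is not code from this report or from exim4-config. The function name and warning text are assumptions, and the directory and CFILEMODE value are passed in as arguments rather than read from the system.

```shell
#!/bin/sh
# Added example, not part of exim4-config: warn about configuration
# fragments whose read permissions are stricter than CFILEMODE, because the
# generated file would expose their contents to a wider audience.
# The function name and message wording are hypothetical.

# warn_stricter_than_cfilemode DIR CFILEMODE
# Writes one warning per offending file to stderr and the count to stdout.
warn_stricter_than_cfilemode() {
    dir=$1
    cfilemode=$2

    # Accept only an octal mode such as 644 or 0640.
    case $cfilemode in
        ''|*[!0-7]*) echo "invalid CFILEMODE: $cfilemode" >&2; return 2 ;;
    esac

    # Keep only the read bits (user, group, other) that CFILEMODE grants.
    read_mask=$(printf '%o' $(( 0$cfilemode & 0444 )))

    # A fragment is "stricter" when it lacks at least one of those read
    # bits. "-perm -MODE" matches files with all MODE bits set, so negate it.
    find "$dir" -type f ! -perm "-$read_mask" -print | {
        count=0
        while IFS= read -r f; do
            echo "warning: $f is less readable than CFILEMODE=$cfilemode;" \
                 "its contents will be copied into the generated file" >&2
            count=$((count + 1))
        done
        echo "$count"
    }
}

# Stand-alone use: sh script.sh DIR CFILEMODE
if [ "$#" -eq 2 ]; then
    warn_stricter_than_cfilemode "$1" "$2"
fi
```
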

