On Mon, Aug 08, 2005 at 04:25:49PM -0600, Dave wrote: > If you are worried about providing a false sense of security, then you > could always just print a notice (don't even worry about trying to > interpret the contents of the config files) that CFILEMODE is world > readable when that is the case: > > /etc/init.d/exim4 reload > Reloading exim4 configuration files, notice: > /var/lib/exim4/config.autogenerated produced with permissions 644.
I don't like the idea of the script writing that notice on every reload on the vast majority of installations. Additionally, since we do not ship a configuration that is in need of hide directives, I think that somebody who is able to change the exim configuratio that badly should be able to read the README and notice our configuration mechanism. I would be willing to accept a patch that looks at the file permissions of the input file(s) and give the autogenerated config file the least common denominator. So, if there is only one file that is not world readable in the input, the output will at most be 640 automatically. CFILEMODE would have to be included in that least common denominator as well. But generating output on update-exim4.conf is something I don't like. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
