Marc On Mon, 2011-01-31 at 17:41 +0000, Nigel Metheringham wrote: > On 31 Jan 2011, at 16:56, Marc Perkel wrote: > > I assume you are referring to this? > > > > * Exim will no longer accept a configuration file owned by the Exim > > run-time user, unless that account is explicitly the value in > > CONFIGURE_OWNER, which we discourage. Exim now checks to ensure that > > files are not writable by other accounts. > > > > You're trying to force feature that not everyone wants. I think it's a bad > > idea. You can't assume that everyone is running in an environment like what > > you imagine. It just becomes a pain in the ass for those who don't want > > your artificial restrictions.
I'm replying to Nigel's on-list reply because: 1. You clearly do not follow the mailing list; 2. You clearly have not seen the CVEs which were issued regarding security issues in Exim which permitted external third-parties to gain remote access to a system by exploiting a bug within the config file handling code; 3. I think you warrant a *slightly* - but only slightly - more polite reply. The restrictions you refer to were discussed at length on this list and the -dev list, in response to reports that bugs in Exim were being exploited. Systems have been rooted (and will continue to be, because some folks won't update). Next time we find or have a security hole reported, remind me to encourage everyone involved to speak to you personally to request that you approve the changes which result from that. Alternatively you could do what everyone else does. Read the docs, and do some research if something incompatible happens to occur with your setup. Trust me: the "pain in the ass" you are currently experience is nothing compared to someone destroying your business by rooting your servers. Graeme -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
