Bug#617812: exim4 security update trusted_configs silently ignored
Ian Jackson
ijackson at chiark.greenend.org.uk
Fri Mar 11 16:01:01 UTC 2011
Package: exim4-base
Version: 4.69-9+lenny4
I just did the exim4 security update and it broke my mail system
because of the new restrictions on the config file which can be used.
I tried to fix this by adding an /etc/exim4/trusted_configs file as
documented in the Debian changelog but this was not effective.
I had to obtain the source and start debugging it, at which point I
noticed the code which silently ignores the trusted_configs file if it
has the "wrong" owner or mode.
As in my previous bug report, I think the restriction is unreasonable
and should be turned off in Debian.
However, if the restriction remains in the source code for exim4 (as
it probably will) then arrangements should be made to log the fact
that the trusted_configs is being ignored and why.
Ian.
More information about the Pkg-exim4-maintainers
mailing list