Bug#617811: closed by Andreas Metzler <ametzler at downhill.at.eu.org> (Re: Bug#617811: exim4 security update introduces new mode requirements for config file)
Ian Jackson
ijackson at chiark.greenend.org.uk
Sat Mar 12 18:41:56 UTC 2011
> Allowing a exim-group writeable exim.conf is equivalent to giving the
> exim-group superuser privileges.
Thanks, I know that. Nevertheless.
| Before, these were the permission requirements (spec.txt chapter 6):
| The run time configuration file must be owned by root or by the user
| that is specified at compile time by the EXIM_USER option, or by the
| user that is specified at compile time by the CONFIGURE_OWNER option
| (if set). The configuration file must not be world-writeable or
| group-writeable, unless its group is the one specified at compile time
| by the EXIM_GROUP option or by the CONFIGURE_GROUP option.
My configuration file was mode 664 and owned by the root group and
everything worked previously. However, I'm sorry for wrongly claiming
that it wasn't documented.
I still think that these kind of permissions checks are an
inconvenience and a waste of time but if you disagree I don't have the
effort to fight it TBH.
Thanks,
Ian.
More information about the Pkg-exim4-maintainers
mailing list