Bug#617811: closed by Andreas Metzler <ametzler at downhill.at.eu.org> (Re: Bug#617811: exim4 security update introduces new mode requirements for config file)

Ian Jackson ijackson at chiark.greenend.org.uk
Sat Mar 12 18:41:56 UTC 2011


> Allowing an exim-group writeable exim.conf is equivalent to giving the 
> exim-group superuser privileges.

Thanks, I know that.  Nevertheless.

| Before, these were the permission requirements (spec.txt chapter 6):
| The run time configuration file must be owned by root or by the user
| that is specified at compile time by the EXIM_USER option, or by the
| user that is specified at compile time by the CONFIGURE_OWNER option
| (if set). The configuration file must not be world-writeable or
| group-writeable, unless its group is the one specified at compile time
| by the EXIM_GROUP option or by the CONFIGURE_GROUP option.

My configuration file was mode 664 and owned by the root group and
everything worked previously.  However, I'm sorry for wrongly claiming
that it wasn't documented.

I still think that these kinds of permissions checks are an
inconvenience and a waste of time but if you disagree I don't have the
effort to fight it TBH.

Thanks,
Ian.
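
The ownership and mode rule quoted from spec.txt above, written out as a check. This is an added example, not part of the original message and not Exim's own code. The numeric ids are constructed, and applying the "unless" exception to group-write only is an assumed reading of the quoted text.

```python
import os
import stat
from typing import List, NamedTuple, Optional


class BuildIds(NamedTuple):
    """Compile-time ids named in the quoted text (hypothetical container)."""
    exim_uid: int                           # EXIM_USER
    exim_gid: int                           # EXIM_GROUP
    configure_owner: Optional[int] = None   # CONFIGURE_OWNER, if set
    configure_group: Optional[int] = None   # CONFIGURE_GROUP, if set


def config_violations(uid: int, gid: int, mode: int, ids: BuildIds) -> List[str]:
    """Return which parts of the quoted rule a file with this owner/group/mode breaks."""
    problems = []
    # Owner must be root, EXIM_USER, or CONFIGURE_OWNER (if set).
    owners = {0, ids.exim_uid}
    if ids.configure_owner is not None:
        owners.add(ids.configure_owner)
    if uid not in owners:
        problems.append("owner")
    # Assumption: world-write is never acceptable; the exception covers group-write.
    if mode & stat.S_IWOTH:
        problems.append("world-writable")
    # Group-write is acceptable only for EXIM_GROUP or CONFIGURE_GROUP (if set).
    groups = {ids.exim_gid}
    if ids.configure_group is not None:
        groups.add(ids.configure_group)
    if mode & stat.S_IWGRP and gid not in groups:
        problems.append("group-writable")
    return problems


def audit_path(path: str, ids: BuildIds) -> List[str]:
    """Apply the same check to a file on disk."""
    st = os.stat(path)
    return config_violations(st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode), ids)


if __name__ == "__main__":
    ids = BuildIds(exim_uid=101, exim_gid=103)  # constructed sample ids
    # Constructed cases: (owner uid, group gid, mode)
    for case in [(0, 103, 0o664), (0, 50, 0o664), (1000, 103, 0o666)]:
        print(case[:2], oct(case[2]), config_violations(*case, ids) or "ok")
```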





More information about the Pkg-exim4-maintainers mailing list