Bug#1136360: exim4-config: add a warning when CFILEMODE has looser permissions than some configuration files
Célestin Matte
celestin.matte at cmatte.me
Tue May 12 15:44:45 BST 2026
Package: exim4-config
X-Debbugs-Cc: cmatte at spi-inc.org
Version: 4.98.2-1
Severity: wishlist
update-exim4.conf generates a world-readable file by default. It is possible to overlook the CFILEMODE parameter in update-exim4.conf.conf. It is especially a problem as these permissions are reapplied on exim restart, even if they were modified with chmod.
As an additional protection layer (to avoid leaking LDAP or database passwords), I suggest displaying a warning when a file inside /etc/exim/conf.d/ has stricter read permissions than CFILEMODE.
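One way to implement the suggested check, as an added example that is not code from update-exim4.conf or from the reporter. The function names, sample file names and placeholder contents are constructed; the configuration directory is passed as an argument, and only permission bits (not ownership) are compared.

```shell
#!/bin/sh
# Added example: flag conf.d files whose read bits are stricter than CFILEMODE.

# Print regular files under DIR that lack a read bit CFILEMODE grants.
find_stricter_than() {
    cfilemode=$1 dir=$2
    case $cfilemode in
        ''|*[!0-7]*) echo "invalid CFILEMODE: $cfilemode" >&2; return 2 ;;
    esac
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # Keep only the u/g/o read bits of CFILEMODE, e.g. 644 -> 444, 640 -> 440.
    read_bits=$(printf '%o' $(( 0$cfilemode & 0444 )))
    # "! -perm -MODE" matches files missing at least one of MODE's bits.
    find "$dir" -type f ! -perm "-$read_bits" -print | sort
}

# Warn on stderr and return 1 if any source file is stricter than CFILEMODE.
warn_if_output_is_looser() {
    stricter=$(find_stricter_than "$1" "$2") || return 2
    if [ -z "$stricter" ]; then return 0; fi
    echo "Warning: the generated configuration (mode $1) will be readable" >&2
    echo "by users who cannot read these source files:" >&2
    printf '%s\n' "$stricter" | sed 's/^/  /' >&2
    return 1
}

# Constructed sample tree: one restricted file, one world-readable file.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/auth" "$d/main"
    echo '# constructed placeholder: would hold an LDAP bind password' \
        > "$d/auth/30_ldap_local"
    echo '# constructed placeholder: non-secret settings' > "$d/main/01_local"
    chmod 640 "$d/auth/30_ldap_local"
    chmod 644 "$d/main/01_local"
    echo "$d"
}

# Usage: script CFILEMODE DIR
if [ $# -eq 2 ]; then
    warn_if_output_is_looser "$1" "$2"
fi
```
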