Bug#321462: exim4-config: Issue a warning if CFILEMODE allows world-read and config file has any hide options

Dave E Martin debian-to.dave at dave.to
Fri Aug 5 17:18:33 UTC 2005


Package: exim4-config
Version: 4.44-2
Severity: wishlist


A warning should be issued if the configuration contains sensitive information
and CFILEMODE allows world-read (and some option isn't suppressing the
warning); such as the presence of any exim options prefixed with "hide", or
perhaps even just the presence of lines such as "mysql_servers" and similar
(in this case, that line is likely to contain a database user/password that
users should not be able to see).

(previous closed bug relevant to this issue: #203320)

It is relatively easy for someone to come along many months later and
alter their configuration to include sensitive information and forget
that these files turn into a /var/log/exim4/config.autogenerated that
may no longer have desirable permissions. Also, people used to
other exim installations or inheriting an already configured system may
not be familiar with this method of doing the configuration.


-- Package-specific info:
Exim version 4.44 #1 built 27-Jan-2005 13:55:35
Copyright (c) University of Cambridge 2004
Berkeley DB: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
Support for: iconv() IPv6 GnuTLS
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Configuration file is /var/lib/exim4/config.autogenerated

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.11-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages exim4-config depends on:
ii  adduser                    3.63          Add and remove users and groups
ii  debconf [debconf-2.0]      1.4.30.11     Debian configuration management sy
ii  passwd                     1:4.0.3-30.10 change and administer password and

-- debconf information excluded
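
The check requested in this report, written as an added shell example (not part of the original message and not exim4-config's own code). The function name `check_exim_conf`, the opt-out variable `EXIM_SUPPRESS_PERM_WARNING`, and the `pgsql_servers`/`oracle_servers` patterns standing in for "and similar" are assumptions of the example.

```shell
#!/bin/sh
# Added example: warn when a generated Exim config is world-readable and
# contains likely secrets. Function and variable names are hypothetical.

# Exit status: 0 = nothing to warn about, 1 = warning issued, 2 = unreadable.
check_exim_conf() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "cannot read $conf" >&2
        return 2
    fi

    # Hypothetical opt-out, standing in for "some option suppressing the warning".
    if [ "${EXIM_SUPPRESS_PERM_WARNING:-no}" = "yes" ]; then
        return 0
    fi

    # World-read bit (o+r) set? find prints the path only if the mode matches.
    [ -n "$(find "$conf" -prune -perm -004 -print)" ] || return 0

    # Options marked "hide", or database server lists that normally carry
    # credentials. Lists other than mysql_servers are this example's choice.
    pat='^[[:space:]]*(hide[[:space:]]+[a-z_]+|(mysql|pgsql|oracle)_servers[[:space:]]*=)'
    # Report line numbers only, so the warning itself does not leak the secret.
    hits=$(grep -nE "$pat" "$conf" | cut -d: -f1 | tr '\n' ' ')
    [ -n "$hits" ] || return 0

    echo "WARNING: $conf is world-readable but has sensitive options on line(s): $hits" >&2
    return 1
}

# Constructed sample config, given the mode a CFILEMODE of 0644 would produce.
demo=$(mktemp)
printf '%s\n' 'primary_hostname = mail.example.org' \
    'hide mysql_servers = localhost/maildb/exim/constructed-password' > "$demo"
chmod 0644 "$demo"
check_exim_conf "$demo" || echo "check returned $?"
rm -f "$demo"
```
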



