Bug#321462: exim4-config: Issue a warning if CFILEMODE allows world-read and config file has any hide options

Florian Weimer fw at deneb.enyo.de
Fri Aug 5 21:50:32 UTC 2005


* Dave E. Martin:

> A warning should be issued if the configuration contains sensitive
> information and CFILEMODE allows world-read (and some option isn't
> suppressing the warning); such as the presence of any exim options
> prefixed with "hide", or perhaps even just the presence of lines
> such as "mysql_servers" and similar (in this case, that line is
> likely to contain a database user/password that users show not be
> able to see).

The presence of such a warning would just give a false sense of
security, I fear.  By is nature, it would be very unreliably.  Even
Exim itself doesn't know in some cases which strings in the
configuration file are passwords, for example.




More information about the Pkg-exim4-maintainers mailing list