Bug#321462: exim4-config: Issue a warning if CFILEMODE allows world-read and config file has any hide options

Marc Haber mh+debian-packages at zugschlus.de
Tue Aug 9 05:33:57 UTC 2005


On Mon, Aug 08, 2005 at 04:25:49PM -0600, Dave wrote:
> If you are worried about providing a false sense of security, then you 
> could always just print a notice (don't even worry about trying to 
> interpret the contents of the config files) that CFILEMODE is world 
> readable when that is the case:
> 
> /etc/init.d/exim4 reload
> Reloading exim4 configuration files, notice: 
> /var/lib/exim4/config.autogenerated produced with permissions 644.

I don't like the idea of the script writing that notice on every
reload on the vast majority of installations.

Additionally, since we do not ship a configuration that is in need of
hide directives, I think that somebody who is able to change the exim
configuration that badly should be able to read the README and notice
our configuration mechanism.

I would be willing to accept a patch that looks at the file
permissions of the input file(s) and gives the autogenerated config
file the least common denominator. So, if there is only one file that
is not world readable in the input, the output will at most be 640
automatically. CFILEMODE would have to be included in that least
common denominator as well.

But generating output on update-exim4.conf is something I don't like.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
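
The permission rule proposed in the message above, sketched as an added example; this is not code from the exim4 packaging or from the thread. It assumes that "least common denominator" means the bitwise AND of the permission bits of CFILEMODE and every input file, and that GNU stat is available; the function names and the file names in the demo are hypothetical.

```shell
#!/bin/sh
# Added example, not part of update-exim4.conf.
# Assumption: "least common denominator" = bitwise AND of permission bits.
# Requires GNU stat (coreutils), as found on Debian.

# least_common_mode CFILEMODE FILE...
# Prints the widest octal mode that is no more permissive than CFILEMODE
# or any of the input files. Returns non-zero on bad input.
least_common_mode() {
    case $1 in
        ''|*[!0-7]*)
            echo "least_common_mode: CFILEMODE must be octal" >&2
            return 2 ;;
    esac
    mode=$(( 0$1 & 0777 ))        # drop setuid/setgid/sticky bits
    shift
    for f in "$@"; do
        # -L: use the mode of the file a symlink points to, not the link
        m=$(stat -L -c %a -- "$f") || return 1
        mode=$(( $mode & 0$m ))
    done
    printf '%03o\n' "$mode"
}

# Constructed demo: one input file that is not world readable caps a
# CFILEMODE of 644 at 640.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/main.conf";   chmod 644 "$d/main.conf"
    : > "$d/passwd.conf"; chmod 640 "$d/passwd.conf"
    least_common_mode 644 "$d/main.conf" "$d/passwd.conf"
    rm -rf "$d"
}
```

The result can be passed straight to chmod on the generated file, so nothing is printed on reload and the output is never more readable than its most restricted input.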



