diff options
author | David Woodhouse <David.Woodhouse@intel.com> | 2010-12-16 22:29:53 +0000 |
---|---|---|
committer | David Woodhouse <David.Woodhouse@intel.com> | 2010-12-16 22:29:53 +0000 |
commit | 90b6341f7282beed1175e942a113c30c212425c9 (patch) | |
tree | 849596497e1b71491c85e8f9c28088211c637170 /doc/doc-txt/NewStuff | |
parent | 8f29c95072dea6fbd8476afa3c990de62b40fafd (diff) |
Turn TRUSTED_CONFIG_PREFIX_LIST into TRUSTED_CONFIG_LIST. No prefix or regexes
Diffstat (limited to 'doc/doc-txt/NewStuff')
-rw-r--r-- | doc/doc-txt/NewStuff | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index b9d88ff82..a732d9b2d 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -102,19 +102,19 @@ Version 4.73 12. [POSSIBLE CONFIG BREAKAGE] ALT_CONFIG_ROOT_ONLY is no longer optional and is forced on. This is mitigated by the new build option - TRUSTED_CONFIG_PREFIX_LIST which defines a list of pathname prefices which - are trusted; if a config file is owned by root and is under that prefix, - then it may be used by the Exim run-time user. + TRUSTED_CONFIG_LIST which defines a list of configuration files which + are trusted; if a config file is owned by root and matches a pathname in + the list, then it may be invoked by the Exim build-time user without Exim + relinquishing root privileges. 13. [POSSIBLE CONFIG BREAKAGE] The Exim user is no longer automatically trusted to supply -D<Macro[=Value]> overrides on the command-line. Going - forward, we recommend using TRUSTED_CONFIG_PREFIX_LIST with shim configs - that include the main config. As a transition mechanism, we are - temporarily providing a work-around: the new build option - WHITELIST_D_MACROS provides a colon-separated list of macro names which - may be overriden by the Exim run-time user. The values of these macros - are constrained to the regex ^[A-Za-z0-9_/.-]*$ (which explicitly does - allow for empty values). + forward, we recommend using TRUSTED_CONFIG_LIST with shim configs that + include the main config. As a transition mechanism, we are temporarily + providing a work-around: the new build option WHITELIST_D_MACROS provides + a colon-separated list of macro names which may be overriden by the Exim + run-time user. The values of these macros are constrained to the regex + ^[A-Za-z0-9_/.-]*$ (which explicitly does allow for empty values). Version 4.72 |