author Phil Pennock <pdp@exim.org> 2017-05-09 16:00:58 -0400
committer Phil Pennock <pdp@exim.org> 2017-05-09 16:00:58 -0400
commit f33875c3a0a0ef03a2e53cfcd339791b793151f0
tree 109391b7ca17bfab48708c1c09ccc4b9502df204 /doc/doc-txt
parent ce889807c90746896f1310e9f4957215f46f7836
Add option commandline_checks_require_admin
May help with scenarios already so broken that bug report 2118 is actually an issue (Wordpress vuln).
Diffstat (limited to 'doc/doc-txt')
-rw-r--r-- doc/doc-txt/ChangeLog 8
-rw-r--r-- doc/doc-txt/NewStuff 3
-rw-r--r-- doc/doc-txt/OptionLists.txt 1
3 files changed, 12 insertions, 0 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 2078b3521..4bc5235ec 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -78,6 +78,14 @@ JH/12 Fix check on SMTP command input synchronisation. Previously there were
or prompt from Exim (running as a server), due to that code's lack of
awareness of the SMTP input buferring.
+PP/04 Add commandline_checks_require_admin option.
+ Exim drops privileges sanely, various checks such as -be aren't a
+ security problem, as long as you trust local users with access to their
+ own account. When invoked by services which pass untrusted data to
+ Exim, this might be an issue. Set this option in main configuration
+ AND make fixes to the calling application, such as using `--` to stop
+ processing options.
+
Exim version 4.89
-----------------
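Review bot: the PP/04 entry names only -be ("various checks such as -be") and never says which command-line options the new setting gates or what happens to a non-admin caller once it is set, so an administrator reading the ChangeLog cannot tell what they are turning off. Please list the affected options or point to where they are documented, and add the bug reference (the commit message cites bug report 2118) so the entry can be traced back to the scenario that motivated it. The opening sentence is also a comma splice ("Exim drops privileges sanely, various checks ... aren't a security problem"); splitting it would make the trust assumption about local users easier to read. The closing advice is good and worth keeping prominent: the option is described as an addition to fixing the calling application (using `--` to stop option processing), not a replacement for it.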
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index cb2346f69..5fd7fbb29 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -35,6 +35,9 @@ Version 4.90
received using the ESMTP CHUNKING option, and when a new main-section
option "spool_wireformat" (false by default) is set.
+ 8. New main configuration option "commandline_checks_require_admin" to
+ restrict who can use various introspection options.
+
Version 4.89
------------
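Review bot: item 8 says the option will "restrict who can use various introspection options" but does not say to whom they are restricted or that the option is off by default. The item just above it states its default inline ("false by default"), and the OptionLists.txt row in this same commit records a default of false, so the same wording fits here. Suggest something like: restricts various introspection options to admin users when set (false by default).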
diff --git a/doc/doc-txt/OptionLists.txt b/doc/doc-txt/OptionLists.txt
index 95d321e5c..5728643a8 100644
--- a/doc/doc-txt/OptionLists.txt
+++ b/doc/doc-txt/OptionLists.txt
@@ -137,6 +137,7 @@ command string* unset lmtp
command_group string unset queryprogram 4.00
command_timeout time 5m smtp
command_user string unset queryprogram 4.00
+commandline_checks_require_admin boolean false main 4.90
condition string* unset routers 4.00
connect_timeout time 0s smtp 1.60
connection_max_messages integer 500 smtp 4.00 replaces batch_max
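Review bot: the new commandline_checks_require_admin row is in the right sorted position (after command_user, before condition), but at 32 characters the name is much longer than its neighbours, so please check that the type, default, scope and version columns still line up with the rest of the table in the raw file. The row records a default of false, so existing installations keep the current behaviour until the option is set explicitly; neither the ChangeLog nor the NewStuff text in this commit says so in prose, and it would help to state it in one of them.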