diff options
| author | David Woodhouse <David.Woodhouse@intel.com> | 2010-12-18 23:22:17 +0000 |
|---|---|---|
| committer | David Woodhouse <David.Woodhouse@intel.com> | 2010-12-18 23:23:05 +0000 |
| commit | 7f7f05454657fe756dd06d2ee11bfe70c5a1a9a0 (patch) | |
| tree | 13d55aeb62f280ab1dc2c7c98a5dabacfd962a27 | |
| parent | be914e6c92998e85a2e22b0d171314ab03a9ad3d (diff) | |
| download | exim4-7f7f05454657fe756dd06d2ee11bfe70c5a1a9a0.tar.gz | |
Make the documentation cleared that TRUSTED_CONFIG_LIST is pathname one per line
| -rw-r--r-- | doc/doc-docbook/spec.xfpt | 10 | ||||
| -rw-r--r-- | doc/doc-txt/IncompatibleChanges | 4 | ||||
| -rw-r--r-- | doc/doc-txt/NewStuff | 6 |
3 files changed, 11 insertions, 9 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index ed966ad5e..cd142e4da 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -3334,10 +3334,12 @@ proceeding any further along the list, and an error is generated. When this option is used by a caller other than root, and the list is different from the compiled-in list, Exim gives up its root privilege immediately, and runs with the real and effective uid and gid set to those of the caller. -However, if a TRUSTED_CONFIG_LIST file is defined in &_Local/Makefile_&, root -privilege is retained for any configuration file which is listed in that file -as long as the caller is the Exim user (or the user specified in the -CONFIGURE_OWNER option, if any). +However, if a TRUSTED_CONFIG_LIST file is defined in &_Local/Makefile_&, that +file contains a list of full pathnames, one per line, for configuration files +which are trusted. Root privilege is retained for any configuration file so +listed, as long as the caller is the Exim user (or the user specified in the +CONFIGURE_OWNER option, if any), and as long as the configuration file is +not writeable by inappropriate users or groups. Leaving TRUSTED_CONFIG_LIST unset precludes the possibility of testing a configuration using &%-C%& right through message reception and delivery, diff --git a/doc/doc-txt/IncompatibleChanges b/doc/doc-txt/IncompatibleChanges index 50bf186f2..2d3394ba3 100644 --- a/doc/doc-txt/IncompatibleChanges +++ b/doc/doc-txt/IncompatibleChanges @@ -40,8 +40,8 @@ Exim version 4.73 Two new build options mitigate this. * TRUSTED_CONFIG_LIST defines a file containing a whitelist of config - files that are trusted to be selected by the Exim user; this is the - recommended approach going forward. + files that are trusted to be selected by the Exim user; one per line. + This is the recommended approach going forward. * WHITELIST_D_MACROS defines a colon-separated list of macro names which the Exim run-time user may safely pass without dropping privileges. diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index a732d9b2d..f668ae152 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -103,9 +103,9 @@ Version 4.73 12. [POSSIBLE CONFIG BREAKAGE] ALT_CONFIG_ROOT_ONLY is no longer optional and is forced on. This is mitigated by the new build option TRUSTED_CONFIG_LIST which defines a list of configuration files which - are trusted; if a config file is owned by root and matches a pathname in - the list, then it may be invoked by the Exim build-time user without Exim - relinquishing root privileges. + are trusted; one per line. If a config file is owned by root and matches + a pathname in the list, then it may be invoked by the Exim build-time + user without Exim relinquishing root privileges. 13. [POSSIBLE CONFIG BREAKAGE] The Exim user is no longer automatically trusted to supply -D<Macro[=Value]> overrides on the command-line. Going |