Mailing List Archive

How to test my userforward ie. forward?
How can I test my userforward .forward script with exim?

I’m not the administrator.

Where 1.txt has the contents of the email.

/usr/sbin/exim -bf $HOME/.forward < /tmp/1.txt
2023-05-12 05:43:38 failed to open configuration file /etc/exim.conf: Permission denied (euid=1043 egid=1045)



--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: How to test my userforward ie. forward?
On Fri, May 12, 2023 at 07:46:54AM -0500, Robert Nicholson via Exim-users wrote:
> How can I test my userforward .forward script with exim?
>
> I’m not the administrator.
>
> Where 1.txt has the contents of the email.
>
> /usr/sbin/exim -bf $HOME/.forward < /tmp/1.txt
> 2023-05-12 05:43:38 failed to open configuration file /etc/exim.conf:
> Permission denied (euid=1043 egid=1045)

If exim.conf is not readable by normal users, I'd consider it a
serious misconfiguration. Talk to the admin about that.

--
Ian

Re: How to test my userforward ie. forward?
On Sat, 13 May 2023 at 00:10, Ian Z via Exim-users <exim-users@lists.exim.org> wrote:

> If exim.conf is not readable by normal users, I'd consider it a
> serious misconfiguration. Talk to the admin about that.
>

The exim binary is usually setuid root, so there's no need for the config
file to be readable by regular users. e.g.

$ ls -al /usr/sbin/exim4
-rwsr-xr-x 1 root root 1512616 Jul 13 2021 /usr/sbin/exim4

Re: How to test my userforward ie. forward?
On Sun, May 14, 2023 at 11:51:35AM +0100, Martin A. Brooks wrote:

> > If exim.conf is not readable by normal users, I'd consider it a
> > serious misconfiguration. Talk to the admin about that.

> The exim binary is usually setuid root, so there's no need for the config
> file to be readable by regular users. e.g.

On my systems, it is usually setuid root but not world
executable. Another program takes the role of a submission agent.

But that's quite beside the point. exim.conf should be world readable
for the sake of users reading it with cat, less or emacs, to figure
out what the configuration is. Anything else amounts to security by
obscurity.

--
Ian

Re: How to test my userforward ie. forward?
On 15/05/2023 06:52, Ian Z via Exim-users wrote:
> exim.conf should be world readable
> for the sake of users reading it with cat, less or emacs, to figure
> out what the configuration is. Anything else amounts to security by
> obscurity.

There are often secrets in the config (eg. database-access credentials).
Having it world-readable is uncommon.

There are defined command-line methods for extracting cleaned info.
--
Cheers,
Jeremy


Re: How to test my userforward ie. forward?
On Mon, 15 May 2023 at 06:54, Ian Z via Exim-users <exim-users@lists.exim.org> wrote:

> But that's quite beside the point. exim.conf should be world readable
> for the sake of users reading it with cat, less or emacs, to figure
> out what the configuration is. Anything else amounts to security by
> obscurity.
>

Given it can contain secrets such as database credentials, that's obviously
an incorrect statement.

Re: How to test my userforward ie. forward?
On Mon, May 15, 2023 at 12:14:03PM +0100, Martin A. Brooks wrote:

> > But that's quite beside the point. exim.conf should be world readable
> > for the sake of users reading it with cat, less or emacs, to figure
> > out what the configuration is. Anything else amounts to security by
> > obscurity.

> Given it can contain secrets such as database credentials, that's obviously
> an incorrect statement.

Have secrets in a separate file?

--
Ian

Re: How to test my userforward ie. forward?
Howdy all

On 15 May 2023, at 17:18, Ian Z via Exim-users <exim-users@lists.exim.org> wrote:
> Have secrets in a separate file?

That can be done already, in a variety of different ways. I suggest you have a read of the documentation.

That said, a lot of server software which may use privileged ports or provide access to content - like Apache httpd, Tomcat, MariaDB, PostgreSQL etc - do not allow arbitrary non-privileged users to read their configuration.

It's not security by obscurity, it's a basic fundamental good practice on UNIX-like systems and it's been like that since the very early days of the OS. It's not likely to change any time soon.

Graeme
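
Added example, not part of any message in this thread: a shell check for the layout debated above, where a world-readable main Exim configuration is acceptable only if credentials sit in a separately protected included file. The function names, the sample option list in CRED_OPTS and the one-level .include handling are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Checks an Exim config file, plus the
# files it pulls in with .include, for credential-bearing options.
# Usage after sourcing this file: audit_exim_conf /etc/exim.conf
# CRED_OPTS is a sample of such options, not a complete list.
CRED_OPTS='(mysql|pgsql|redis)_servers'

world_readable() {
    # True when the "other" read bit is set on the file.
    [ -n "$(find "$1" -maxdepth 0 -perm -0004 2>/dev/null)" ]
}

config_files() {
    # Print the main file, then absolute unquoted paths named on .include or
    # .include_if_exists lines (one level deep, no whitespace in paths).
    echo "$1"
    sed -n 's|^[[:space:]]*\.include\(_if_exists\)\{0,1\}[[:space:]]\{1,\}\(/[^[:space:]]*\).*|\2|p' "$1"
}

audit_exim_conf() {
    status=0
    for f in $(config_files "$1"); do
        [ -r "$f" ] || continue   # skip files this user cannot inspect
        if world_readable "$f" &&
           grep -Eq "^[[:space:]]*(hide[[:space:]]+)?$CRED_OPTS[[:space:]]*=" "$f"; then
            # "hide" only masks exim -bP output; it does nothing against cat.
            echo "EXPOSED $f: credential option in a world-readable file"
            status=1
        elif grep -Eq "^[[:space:]]*$CRED_OPTS[[:space:]]*=" "$f"; then
            # File mode is fine, but without the hide prefix exim -bP prints
            # the value to non-admin users.
            echo "UNHIDDEN $f: credential option lacks the hide prefix"
            status=1
        fi
    done
    return $status
}
```

The function returns 0 when neither condition is found and 1 otherwise, so it can gate a deployment or run from cron.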

Re: How to test my userforward ie. forward?
On Mon, May 15, 2023 at 05:45:33PM +0100, Graeme Fowler via Exim-users wrote:

> > Have secrets in a separate file?

> That can be done already, in a variety of different ways. I suggest
> you have a read of the documentation.

If that was meant for me, it's a misunderstanding. I am very well aware
of the possibilities, I was pointing that out myself.

> That said, a lot of server software which may use privileged ports
> or provide access to content - like Apache httpd, Tomcat, MariaDB,
> PostgreSQL etc - do not allow arbitrary non-privileged users to read
> their configuration.

> It's not security by obscurity, it's a basic fundamental good
> practice on UNIX-like systems and it's been like that since the very
> early days of the OS. It's not likely to change any time soon.

In a default install of Debian (and systems derived from it) certainly
most of those files are world readable. I think the same is the case
for other major distros, though I have used them much less.

--
Ian
