[Vmail-discuss] Security note for exim and MySQL

Eric Renfro psi-jack@xxxxxxxxxxxxx
Sun, 11 Nov 2001 13:45:06 -0600


Just in case, I noticed from the documentation of vmail-sql, and
exim's setup:
 
mysql_servers = host/user/pass
 
This alone is insecure, and should be prepended with the hide
directive to look more like:
 
hide mysql_servers = host/user/pass
 
This will hide that from even just running exim -bP, which any user
could normally run, regardless of whether they have read access to the
conf file of exim.
 
---
Eric Renfro - Myrddin Computers & Designs
CEO/President
(713) 595-2104 ext. 2261
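
A configuration check for the setting discussed in this message, added here as an example (it is not part of the original post, nor code from vmail-sql or Exim): it reports credential-bearing options that are set without the hide prefix. The function names, the option list and the sample file are assumptions, and the sample credentials are placeholders.

```shell
#!/bin/sh
# Added example: find Exim options that carry database credentials
# but are not prefixed with "hide", so "exim -bP" would print them.

# Assumption: options to treat as credential-bearing; extend as needed.
SENSITIVE_OPTS='mysql_servers pgsql_servers'

# audit_exim_hide FILE
# Prints one "FILE:LINE: option ..." finding per unhidden option.
# Returns 1 if anything was found, 0 if the file is clean.
audit_exim_hide() {
    awk -v opts="$SENSITIVE_OPTS" '
        BEGIN { n = split(opts, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        /^[ \t]*#/ { next }                  # comment lines set nothing
        {
            line = $0
            sub(/^[ \t]+/, "", line)         # tolerate leading whitespace
            hidden = 0
            if (line ~ /^hide[ \t]+/) {      # "hide" prefix present
                hidden = 1
                sub(/^hide[ \t]+/, "", line)
            }
            if (line !~ /^[A-Za-z_]+[ \t]*=/) next   # not an assignment
            name = line
            sub(/[ \t=].*$/, "", name)       # keep the option name only
            if ((name in want) && !hidden) {
                printf "%s:%d: %s is set without hide\n", FILENAME, NR, name
                bad = 1
            }
        }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

# write_sample FILE: constructed config with placeholder credentials.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real configuration
mysql_servers = host/user/pass
hide pgsql_servers = host/user/pass
# mysql_servers = old/commented/entry
EOF
}

# Demo run on the constructed sample.
sample=$(mktemp) && write_sample "$sample"
audit_exim_hide "$sample" || echo "unhidden credentials found"
rm -f "$sample"
```

Run audit_exim_hide against the real configuration file as a user who can read it; a non-zero return means at least one listed option still needs the hide prefix.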
 


