#1136360 exim4-config: add a warning when CFILEMODE has looser permissions than some configuration files #1136360
- Package:
- exim4-config
- Source:
- exim4-config
- Submitter:
- Célestin Matte
- Date:
- 2026-05-12 14:55:03 UTC
- Severity:
- normal
update-exim4.conf generates a world-readable file by default. It is possible to overlook the CFILEMODE parameter in update-exim4.conf.conf. It is especially a problem as these permissions are reapplied on exim restart, even if they were modified with chmod. As an additional protection layer (to avoid leaking LDAP or database passwords), I suggest displaying a warning when a file inside /etc/exim/conf.d/ has stricter read permissions than CFILEMODE.