========================================================================
CVE-2020-PIDFP -- Arbitrary PID file creation
========================================================================

An attacker who obtained the privileges of the "exim" user can abuse the
-oP override_pid_file_path option to create an arbitrary file, as root.
The attacker does not, however, control the contents of this file:

f=/etc/ld.so.preload; ls -l "$f"; /usr/sbin/exim4 -bdf -oX 0 -oP "$f" & sleep 1; kill -9 "$!"; ls -l "$f"

But the attacker can combine this vulnerability with CVE-2020-LFDIR or
CVE-2020-SPDIR to create an arbitrary file with arbitrary contents and
obtain full root privileges.
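
A detection sketch for the -oP abuse described above. This is an added
example, not part of the original advisory or of Exim. It flags Exim
invocations whose -oP target lies outside the expected PID directories.
The event format, the function names and ALLOWED_PID_DIRS are assumptions
made for illustration.

```python
import posixpath

EXIM_NAMES = {"exim", "exim4"}
# Assumption: directories where this site legitimately keeps Exim's PID file.
ALLOWED_PID_DIRS = ("/run/exim4", "/var/run/exim4")

def pid_file_override(argv):
    """Return the value passed to -oP (separate-argument form), or None."""
    for i, arg in enumerate(argv[:-1]):
        if i > 0 and arg == "-oP":
            return argv[i + 1]
    return None

def check_exec(event):
    """event: {'user': str, 'argv': [str, ...]} taken from process-execution logs."""
    argv = event["argv"]
    if not argv or posixpath.basename(argv[0]) not in EXIM_NAMES:
        return None
    target = pid_file_override(argv)
    if target is None:
        return None
    # Collapse ".." lexically so a path that climbs out of an allowed
    # directory is caught; symlinks are not resolved here.
    norm = posixpath.normpath(target)
    inside = target.startswith("/") and any(
        norm.startswith(d + "/") for d in ALLOWED_PID_DIRS)
    if inside and event["user"] == "root":
        return None
    reason = ("non-root caller set -oP" if inside
              else "PID file outside allowed directories")
    return {"user": event["user"], "target": norm, "reason": reason}

def scan(events):
    """Return one finding per suspicious event, in input order."""
    return [f for f in map(check_exec, events) if f]

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"user": "exim", "argv": ["/usr/sbin/exim4", "-bdf", "-oX", "0", "-oP", "/etc/ld.so.preload"]},
    {"user": "root", "argv": ["/usr/sbin/exim4", "-bd", "-q30m", "-oP", "/run/exim4/exim.pid"]},
    {"user": "exim", "argv": ["/usr/sbin/exim4", "-bdf", "-oP", "/run/exim4/../../etc/ld.so.preload"]},
    {"user": "exim", "argv": ["/bin/ls", "-oP"]},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```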


