Re: Which is more secure?

Author: Jon Peatfield
Date:  
To: necron
CC: jp107, exim-users
New-Topics: Re: several messages
Subject: Re: Which is more secure?
> But, the way Exim is written, does Exim stay in "root" mode longer
> in "Setuid" mode than in "setuid+seteuid" mode? That is, if we were trying
> to reduce the amount of time the code is running with a uid of root,
> would you choose "setuid" or "setuid+seteuid" security mode?


The real trick IMHO is to reduce the amount of time spent running as root or
being capable of being root. In this case setuid() is clearly better than
seteuid(), since the seteuid() case can still return to root if there is a bug
causing it to execute nasty code (e.g. a stack problem).

In the case of the setuid() code, exim must re-exec itself to gain root privs,
this may mean spending longer as root in terms of cycles spent, but the area
(or is it volume?) of code executed as root is much smaller, and the means to
break it much harder.

Just my view though.

BTW what happened to the person who claimed that he had found loads of
security holes in Exim, was it true or were they fake?

-- Jon
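
The difference between the two calls described in the message above, as an added example that is not part of the original post and is not Exim's code: each drop is done in a forked child, which then checks whether euid 0 can still be taken back. The function names and the fallback uid 65534 are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum drop_mode { DROP_SETEUID, DROP_SETUID };

/* Unprivileged uid to drop to: the caller's real uid, or, when started as
 * real root, 65534 (an assumed "nobody" uid chosen for this example). */
uid_t target_uid(void)
{
    return getuid() != 0 ? getuid() : (uid_t)65534;
}

/* Child side: drop to uid, then try to take euid 0 back.
 * Returns 1 if root was regained, 0 if not, 2 if the drop itself failed. */
static int probe(enum drop_mode mode, uid_t uid)
{
    /* seteuid() changes only the effective uid; the saved uid stays 0.
     * setuid() called with euid 0 sets real, effective and saved uid. */
    int rc = (mode == DROP_SETEUID) ? seteuid(uid) : setuid(uid);
    if (rc != 0 || geteuid() != uid)
        return 2;
    return (seteuid(0) == 0 && geteuid() == 0) ? 1 : 0;
}

/* Runs the probe in a forked child so the caller keeps its own ids.
 * Returns 1 (can regain root), 0 (cannot) or -1 (error). */
int can_regain_root(enum drop_mode mode, uid_t uid)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(probe(mode, uid));
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 2 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    uid_t uid = target_uid();
    printf("started with euid %ld, dropping to %ld\n", (long)geteuid(), (long)uid);
    printf("after seteuid(): can regain root = %d\n", can_regain_root(DROP_SETEUID, uid));
    printf("after setuid():  can regain root = %d\n", can_regain_root(DROP_SETUID, uid));
    return 0;
}
```

Run unprivileged, both lines print 0 because there is no root to return to; started as root, the seteuid() line prints 1 and the setuid() line prints 0.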