Re: [EXIM] 1.90 address_pipe fails

Top Page
Delete this message
Reply to this message
Author: Tony Earnshaw
Date:  
To: Exim
Subject: Re: [EXIM] 1.90 address_pipe fails
Arthur Hagen wrote:

> > What are your security worries about having the suid-bit set on the Exim
> > binary? I can't see any, and I'm extremely security conscious.


> Not so much a security concern than wanting to use exim for handling incoming
> mail, including local deliveries, and the bat to handle outgoing mail.


> And I can't see the neccessity of having exim suid root when all it wants to do
> is run processes forked off the one started as root? But perhaps there's
> something I've missed here?


I'd understood, that because Exim has to look in users' home directories
(for .forward and filter files) it has to run as the uid either of the
owner or root (whoever initiates it). Try unsetting the suid bit and see
if it still does everything it should - I think not :-(

Tony

-- 
Tony Earnshaw
Electronic_State
Groeneweg 150
3981 CP Bunnik, The Netherlands
Telephone:    +31 30 6563881
Fax:        +31 30 6562472


URL: http://www.e-state.com

**** The Magic is UNIX ****

--
*** Exim information can be found at http://www.exim.org/ ***