On Tue, 29 Jun 1999, Peter Radcliffe wrote:
> Philip Hazel <ph10@???> probably said:
> > I have already made a note to put in a warning not to use -C (or -D) to
> > start a daemon unless you have set EXIM_UID in Local/Makefile.
>
> How about logging something to paniclog and exiting, if someone does
> do it ?
That's a thought. The rule would be "If exim is called with -C or -D by
non-root/non-built-in-exim, causing it to give up root privilege, and
then if after reading the configuration file exim_user is set to the
calling user, implying that it should be privileged after all, then
panic."
As it happened, in the particular case that caused this, it did all work
without privilege (apart from a problem with logging, which I have now
fixed) because it was just doing remote deliveries, but in general one
shouldn't rely on this, so I think that preventing it is probably a good
idea.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
--
*** Exim information can be found at
http://www.exim.org/ ***