Re: [Exim] Does Exim have security problems?

Top Pagina
Delete this message
Reply to this message
Auteur: Nigel Metheringham
Datum:  
Aan: Philip Hazel
CC: Brian K. West, exim-users
Onderwerp: Re: [Exim] Does Exim have security problems?
ph10@??? said:
> It is worth pointing out explicitly that it is indeed possible to do
> this with Exim. If all the local deliveries can be run as exim (or you
> don't do any local deliveries), and you don't need to change uid to
> read .forward files (or you don't have any .forward files), and you
> can live without the ability to HUP the daemon (or you don't use a
> daemon) then the Exim binary can be setuid exim rather than setuid
> root and you can run with security=unprivileged.


You could also pretty much use this config with an external (to exim)
MDA final delivery agent - the /bin/mail, procmail, deliver type setup
used by sendmail.

The exim binary would need to be setuid to something other than root if
other owned processes were invoking it.

Another method of getting a daemon running without requiring root would
be to have it started by inetd in wait more - this would need some
small code changes to exim to allow it to accept a port 25 as stdin and
then hold that as a daemon socket.

    Nigel.
-- 
[ - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham                  Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000                         Fax +44 1423 858866 ]