Re: [Exim] Does Exim have security problems?

Top Page
Delete this message
Reply to this message
Author: Nigel Metheringham
Date:  
To: Exim Users Mailing List
CC: Philip Hazel
Subject: Re: [Exim] Does Exim have security problems?
woods@??? said:
> Note that the user will only be able to play tricks with the exim
> process (such as perhaps writing to its address space on those systems
> that make the mistake of allowing this) during the time when when the
> process has dropped its privileges, eg. after it calls:


>     seteuid(real_uid);
>     /* ... process may now be vulnerable ... */


> While running as root the process is only vulnerable to the usual set
> of programming mistakes, as the process address space will most likely
> not be writable by the user, etc. (I.e. contrary to several known
> bugs with seteuid() in several systems of radically different
> heritage, there haven't ever been many bugs that made ordinary setuid
> processes vulnerable.)


Slightly unhelpfully, since this is rather OS specific, Linux has a
setfsuid() set of calls, that *only* change the effective UID used for
file access - everything else is still root, such as process
permissions.

    Nigel.


-- 
[ - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham                  Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000                         Fax +44 1423 858866 ]