I'd like people's views on this issue, please:
In Exim 3, the require_files option has the feature where you can
specify a user name, and it does the stat() as that user.[1] For example,

  require_files = $local_part : /home/$local_part/.procmailrc

The reason this is necessary is that in Exim 3, the directors and
routers run seteuid to the Exim user, which seemed like a good idea at
the time...
In Exim 4 things are going to be different. For added security, the
seteuid() function is not used anywhere in the code. Consequently, the
routers run as root when processing a message for delivery.[2] The only
time when root may not be able to stat() a path is if the path is NFS
mounted without root access. Question:

  Is this a sufficiently important case for the ability to check files
  as some other user to be retained? The only way to implement it
  without using seteuid() is to fork another process that becomes the
  other user.

My own feeling is that we probably no longer need this, but you may
disagree...
-------------
[1] This works only when delivering a message. When verifying an address
in an SMTP dialogue, Exim is running as the Exim user, and cannot
change.
[2] But will still run as the Exim user when verifying an address in an
SMTP dialogue.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
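
The alternative named in the message above, forking a process that becomes the other user and does the stat() there, sketched as an added example that is not part of the original post and is not Exim's code. The function name `stat_as_user` and its exit-status convention are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (assumed name and convention, not Exim code).
   Returns 0 if path can be stat()ed as uid/gid, the child's errno (> 0) if
   stat() failed, or -1 if the check itself could not be carried out. */
int stat_as_user(const char *path, uid_t uid, gid_t gid)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* Child: become the target user for good. The parent is untouched. */
        int same = getuid() == uid && geteuid() == uid &&
                   getgid() == gid && getegid() == gid;
        if (!same) {
            /* Order matters: groups and gid first, while still privileged.
               Assumption: supplementary groups are dropped, not loaded. */
            if (geteuid() == 0 && setgroups(0, NULL) != 0) _exit(255);
            if (setgid(gid) != 0 || setuid(uid) != 0) _exit(255);
        }
        /* Fail closed if root could still be regained. */
        if (uid != 0 && setuid(0) == 0) _exit(255);
        struct stat sb;
        if (stat(path, &sb) == 0) _exit(0);
        _exit(errno > 0 && errno < 254 ? errno : 254);
    }
    int status;
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR) return -1;
    if (!WIFEXITED(status) || WEXITSTATUS(status) == 255) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed inputs: check two paths as the current user. */
    printf("/ -> %d\n", stat_as_user("/", getuid(), getgid()));
    printf("/no/such/file -> %d\n",
           stat_as_user("/no/such/file", getuid(), getgid()));
    return 0;
}
```

The cost the message alludes to is visible here: one fork() and one waitpid() per file checked, in exchange for the parent never changing its own identity.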