[Exim] Exim 4: Opinion wanted on file checking

Author: Philip Hazel
Date:  
To: exim-users
Subject: [Exim] Exim 4: Opinion wanted on file checking
I'd like people's views on this issue, please:

In Exim 3, the require_files option has the feature where you can
specify a user name, and it does the stat() as that user.[1] For example,

require_files = $local_part : /home/$local_part/.procmailrc

The reason this is necessary is that in Exim 3, the directors and
routers run seteuid to the Exim user, which seemed like a good idea at
the time...

In Exim 4 things are going to be different. For added security, the
seteuid() function is not used anywhere in the code. Consequently, the
routers run as root when processing a message for delivery.[2] The only
time when root may not be able to stat() a path is if the path is NFS
mounted without root access. Question:

Is this a sufficiently important case for the ability to check files
as some other user to be retained? The only way to implement it
without using seteuid() is to fork another process that becomes the
other user.

My own feeling is that we probably no longer need this, but you may
disagree...

-------------
[1] This works only when delivering a message. When verifying an address
in an SMTP dialogue, Exim is running as the Exim user, and cannot
change.

[2] But will still run as the Exim user when verifying an address in an
SMTP dialogue.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
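
The fork-based alternative described in the message above (a separate process becomes the other user and does the stat()), sketched as an added example; it is not Exim code and not from the original post. The helper name stat_as_user and the pipe used to return the result are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE   /* for setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: returns 0 if stat() succeeds as uid/gid, the errno
   from stat() if it fails, or -1 if the check itself could not be run. */
int stat_as_user(uid_t uid, gid_t gid, const char *path)
{
    int fds[2], result = -1, status;
    ssize_t n;
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }

    if (pid == 0) {   /* child: becomes the other user, never returns */
        struct stat sb;
        int same = (uid == geteuid() && gid == getegid());
        close(fds[0]);
        /* Permanent drop, in order: supplementary groups, gid, uid.
           Any failure leaves result at -1, so the check fails closed. */
        if (same || (setgroups(0, NULL) == 0 &&
                     setgid(gid) == 0 && setuid(uid) == 0))
            result = (stat(path, &sb) == 0) ? 0 : errno;
        if (write(fds[1], &result, sizeof result) != (ssize_t)sizeof result)
            _exit(1);
        _exit(0);
    }

    /* parent: keeps its own identity and only reads the child's verdict */
    close(fds[1]);
    do n = read(fds[0], &result, sizeof result);
    while (n < 0 && errno == EINTR);
    close(fds[0]);
    while (waitpid(pid, &status, 0) < 0 && errno == EINTR) { }
    return (n == (ssize_t)sizeof result) ? result : -1;
}

int main(void)
{
    /* Constructed demo: check as the current user so it runs unprivileged. */
    int r = stat_as_user(geteuid(), getegid(), "/");
    printf("stat(\"/\") as uid %ld -> %d\n", (long)geteuid(), r);
    return r == 0 ? 0 : 1;
}
```

Because the child calls setuid() rather than seteuid(), it cannot regain the parent's privileges, and the parent never changes its own identity.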