Re: [Exim] logwrite command not permitted when filter not ru…

Author: Drav Sloan
Date:  
To: Phil Pennock
CC: exim-users
Subject: Re: [Exim] logwrite command not permitted when filter not running as user
Phil Pennock wrote:
> spec.txt tells us:
>
> forbid_filter_logwrite          Type: boolean                  Default: false
>
>     If this option is true, use of the logging facility in filter files is not
>     permitted. This is in any case available only if the filter is being run
>     under some unprivileged uid, which is normally the case for ordinary
>     users' .forward files on a system with "seteuid()" available.
>
> Does exim -d9 show userid switching? What does "exim -bP security" show?


# exim -qff -d9

Exim version 3.12 debug level 9 uid=0 gid=0
probably Berkeley DB version 1.8x (native mode)

[snip]

Opened spool file 14iegM-00042O-00-H
user=root uid=0 gid=0 sender=

.
.
.

calling userforward director
userforward director: file = /home/postmast/.forward
4311 bytes read from /home/postmast/.forward
file is a filter file
Filter: start of processing
Filter: end of processing
userforward director deferred postmast
message: error in filter file: logwrite command not permitted when filter not running as user
added retry item for D:postmast@???: errno=-11 0 flags=0

looks like no switch...

% exim -bP security
security =
%

Ummm... which looks vaguely disturbing (isn't it meant to be one of
unprivileged or setuid?)

I tried adding 'no_check_owner = true' but that didn't change it :(

D.

-- 
    David Sloan - Senior Mail and News Systems Admin - Platform Management
  Tel: +44 845 272 0666    Fax: +44 20 8371 1167    Email: dsloan@???