On Wed, 19 Dec 2001, Sheldon Hearn wrote:
> Actually, Exim's invulnerability to abuse of its setuid privelege isn't
> hard to prove. There's not that much code to audit between program
> execution and setuid()/setgid() time.
Sorry, Sheldon, but I'm afraid that's not true. An Exim delivery process
retains privilege until after it has done local deliveries. Each local
delivery is done in a subprocess which throws away privilege, but the
controlling process retains privilege.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.