On Wed, 19 Dec 2001, Sheldon Hearn wrote:
> > Sorry, Sheldon, but I'm afraid that's not true. An Exim delivery process
> > retains privilege until after it has done local deliveries. Each local
> > delivery is done in a subprocess which throws away privilege, but the
> > controlling process retains privilege.
>
> Oooer. :-(
>
> This could be avoided if each delivery process were exec()'d, though,
> yes?

No, it cannot be avoided. Most delivery processes *are* exec()'d,
precisely in order to obtain privilege. The delivery process needs
privilege so that it can run sub-processes which each become the
relevant user for local delivery.

This can only be avoided if you are running in a restricted environment
where either no local deliveries are done, or they are all done as the
exim user, and you don't want .forward file support. As documented in
section 46.2 in the Exim 4 manual, "Running Exim without privilege".
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
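
The pattern described in the message above (a controlling process that keeps its privilege and forks one subprocess per local delivery, which permanently becomes the target user) as an added C sketch; this is not Exim's code, and `drop_to`, `deliver_as` and the id 65534 are hypothetical names and values chosen for illustration.

```c
#define _DEFAULT_SOURCE          /* for setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Child side: become the delivery user permanently.
   Order matters: supplementary groups, then gid, then uid. */
static int drop_to(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    /* Confirm the drop cannot be undone before touching user-controlled files. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0)) return -1;
    return (getuid() == uid && geteuid() == uid &&
            getgid() == gid && getegid() == gid) ? 0 : -1;
}

/* Parent side: one subprocess per local delivery; the controlling process
   never changes its own ids. Returns 0 on success, -1 on any failure. */
int deliver_as(uid_t uid, gid_t gid)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (drop_to(uid, gid) != 0) _exit(1);
        /* Placeholder: .forward processing and mailbox writes would go here. */
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    /* Constructed demo target: id 65534 when run as root, else the caller's own ids. */
    uid_t uid = geteuid() == 0 ? 65534 : getuid();
    gid_t gid = geteuid() == 0 ? 65534 : getgid();
    uid_t before = geteuid();
    int rc = deliver_as(uid, gid);
    printf("delivery rc=%d, controlling euid %d -> %d\n",
           rc, (int)before, (int)geteuid());
    return rc == 0 ? 0 : 1;
}
```

Run without root, the child can only "become" the caller, which is the unprivileged case the message describes: deliveries as other users are then impossible.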