On Mon, 24 Dec 2001, nick slussar wrote:
> > Here is my scenario:
> >
> > 1) run exim from inetd, like this
> > smtp stream tcp nowait mail /usr/sbin/exim exim -bs
> >
> > note the user - mail.
> >
> > 2) in exim.conf put
> >
> > exim_user = root
So you run it as "mail", but tell it to stay as root for most of the
time. The fix, of course, is to run it as root out of inetd in the first
place. That is, if you insist on not having a non-root Exim user.
> > which is required in some cases, like when exim uses pam_unix auth with
> > shadow passwords.
There are other ways round that. I am personally not happy with the
setting of the Exim user to root.
> > 3) result: host becomes fully open relay to anybody, ignoring any
> > relay-control stuff in exim.conf.
Whatever the merits of the different users, Exim clearly ought not to
contain this pitfall. What it needs is a fail-safe way of detecting
"called from inetd". Currently it uses
stdin is a socket
AND
caller is root or the Exim user
where the Exim user is the one defined in the run time configuration.
The problem arises when the caller specified in /etc/inetd.conf is not
the same as the user specified to Exim. This is a situation that could
arise whether or not exim_user is specified in the run time
configuration.
Does anybody have any good ideas for detecting "called from inetd"?
"stdin is a socket" on its own is not good enough - any user could set
that up.
Maybe the best I can do is detect the bad case, which is
stdin is a socket
AND
caller is NOT root or the Exim user
and bomb out with an error.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
