Re: [Exim] exim & intetd

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Jim Knoble
CC: exim-users
Subject: Re: [Exim] exim & intetd
On Mon, 14 Jan 2002, Jim Knoble wrote:

> Sounds like this sort of thing should be made configurable. I can
> easily envision situations where having exim listen on a non-privileged
> port in a controlled environment would be beneficial. E.g., testing a
> new version in an evironment where spare machines are wanting.


That's no problem. We are talking only about "inetd" style use here, not
about Exim itself listening.

> Wouldn't it be better for exim to use a specific command-line flag to
> say that it's running under inetd (and should therefore expect a socket
> on stdin)?


How then do you stop ordinary users setting this flag?

> That would solve the problem of detecting whether it
> *should* have a socket on stdin or not. Then, if the calling user is
> root or an admin user, exim would accept the socket, otherwise it
> refuses.


The problem arose because Exim currently gets it wrong when it is called
from inetd as user A (not root) and the Exim user is user B. Currently
it decides it's not inetd - disastrously. My first proposal was indeed
to make it barf in this situation. However, changing the test to "is
this a privileged port" makes that case work. It is a case that can
easily arise when a binary Exim is installed with user A in inetd (as I
think Debian does) and the sysadmin sets exim_user=B because she wants
to use a different Exim user - but doesn't know to change
/etc/inetd.conf.

In fact, I propose to make the test "stdin is a socket and EITHER the
port is privileged OR the caller is root or the Exim user".

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.