On Wed, 29 Jan 2003, Nico Erfurth wrote:
> AFAIK exim will not setuid(0) if an untrusted caller uses -C, so yes,
> it's a security feature :)

Correct. Well, to be pedantic, the OS does the setuid(0), but Exim
quickly reverses it. A quick test with -d shows it:

$ ./exim -d -C /dev/null
Exim version 4.14 uid=1169 gid=1169 pid=15650 D=fddcaefd
Berkeley DB: Sleepycat Software: Berkeley DB 4.1.24: (September 13, 2002)
Support for: IPv6 Perl OpenSSL
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
changed uid/gid: -C, -D, -be or -bf forces real uid <================
uid=1169 gid=1169 pid=15650

--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
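
The behaviour shown in the -d output above (a setuid program reverting to the caller's real uid/gid when given an option that lets the caller choose its input), as an added example that is not Exim's code and not part of the original message. The helper names are hypothetical, the option list is copied from the debug line, and the trusted-caller distinction mentioned in the quoted text is not modelled.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: does the command line carry an option that lets the
   caller choose what the program reads or evaluates? Option list taken from
   the debug line "-C, -D, -be or -bf forces real uid". */
static int caller_controls_input(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        if (strncmp(argv[i], "-C", 2) == 0 || strncmp(argv[i], "-D", 2) == 0 ||
            strcmp(argv[i], "-be") == 0 || strcmp(argv[i], "-bf") == 0)
            return 1;
    }
    return 0;
}

/* Permanently revert to the real uid/gid. Returns 0 on success, -1 on failure. */
static int drop_to_real_ids(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid();

    /* Group first: after the uid is given up, changing gid may be refused. */
    if (setgid(rgid) != 0) return -1;
    /* With effective uid 0 this sets real, effective and saved uid together. */
    if (setuid(ruid) != 0) return -1;

    /* Never trust the return codes alone: check the resulting ids. */
    if (geteuid() != ruid || getegid() != rgid) return -1;
    /* If a different effective uid was held, it must not be recoverable. */
    if (old_euid != ruid && seteuid(old_euid) == 0) return -1;
    return 0;
}

int main(int argc, char **argv)
{
    if (caller_controls_input(argc, argv)) {
        if (drop_to_real_ids() != 0) {
            fprintf(stderr, "cannot drop privileges, refusing to continue\n");
            return 1;
        }
        printf("changed uid/gid: forced real uid\n");
    }
    printf("uid=%ld gid=%ld pid=%ld\n",
           (long)geteuid(), (long)getegid(), (long)getpid());
    return 0;
}
```

If the binary is setuid to a non-root user, setuid() leaves the saved uid in place, so the final seteuid() check fails and the program refuses to continue.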