On Wed, 12 Feb 2003, Tamas TEVESZ wrote:
hi,
a bit more information.
i've done a strace on `exim -d11 -oX2525 -bd', and the results
indicate that exim doesn't re-exec itself to gain neccessary
privileges to a user/group other than mail:mail (in my case).
relevant snippet (at least the one i think is relevant):
9410 geteuid32() = 8
9410 getegid32() = 8
9410 open("/etc/group", O_RDONLY) = 6
9410 fcntl64(6, F_GETFD) = 0
9410 fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
9410 fstat64(6, {st_mode=S_IFREG|0644, st_size=646, ...}) = 0
9410 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
9410 _llseek(6, 0, [0], SEEK_CUR) = 0
9410 read(6, "root:x:0:\ndaemon:x:1:\nbin:x:2:\ns"..., 4096) = 646
9410 close(6) = 0
9410 munmap(0x40016000, 4096) = 0
9410 setresuid32(0xffffffff, 0, 0xffffffff) = -1 EPERM (Operation not permitted)
9410 setregid32(0xffffffff, 0x67) = -1 EPERM (Operation not permitted)
9410 setresuid32(0xffffffff, 0x67, 0xffffffff) = -1 EPERM (Operation not permitted)
9410 getegid32() = 8
9410 geteuid32() = 8
9410 getgid32() = 8
9410 getuid32() = 8
9410 write(2, "require files uid=8 gid=8 euid=8"..., 40) = 40
9410 stat64("/var/lib/ecartis/lists/sfc-l/config", 0xbfffe25c) = -1 EACCES (Permission denied)
full log can be had at
http://wormhole.hu/exim_strace.txt.
i'm trying to find my way through the v3 sources to find where this
reexec should actually happen, but i'm kinda lost. anyone with a
pointing finger ?
thanks,
--
[-]
... and the rest is silence.
