On Tue, 4 Nov 2003, Andreas Metzler wrote:
> > I want to bind in the uid numerically because that feels more secure -
> > that is a paranoia argument.
>
> Is it more than a gut-feeling? Many daemons work without hardcoding the
> uid. (e.g. postfix does not, qmail OTOH does.) I am not trying to
> second-guess you, just asking, you know this stuff, I don't.
Partly gut feeling, and partly that, because of the way Exim is
designed, new instances of Exim start up frequently. By having the uid
hard-coded in the binary, you save having to look it up every time.
However, how much this actually saves in practice, I don't know. Of
course it depends on how the user information is kept - NIS, flat file,
indexed file, etc...
I have put this on the Wish List, but it may be a while before anything
happens. I want to get a new, fully documented release out in a few
weeks' time, and the documentation itself needs a lot of work.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book
