* Philip Hazel schrieb am 14.09.04 um 10:35 Uhr:
> On Mon, 13 Sep 2004, Marc Schiffbauer wrote:
>
> > I am a bit confused because my exim 4.34 wants to make use of the
> > Linux SYS_RESOURCE Capability.
> >
> > My Question is: Does anybody know if it really needs it? And if yes,
> > why?
>
> I'm not knowledgeable in this area, but my guess is that this happens as
> a result of the code that is obeyed following this comment in the Exim
> source:
>
> /* When started with root privilege, ensure that the limits on the number of
> open files and the number of processes (where that is accessible) are
> sufficiently large, or are unset, in case Exim has been called from an
> environment where the limits are screwed down. Not all OS have the ability to
> change some of these limits. */
Hm. Maybe thats the answer, thanks.
So I think from a security point of view it woul not be wise to
enhance the ACL to give exim permission to do this.
I discovered that this allways happens, if apache uses the exim4
binary.
Question is: Can this behavior be disabled with some switch or
config change? www-data is a trusted user already, so that seems not
to be a solution...
-Marc
--
+------------------------------------------------------------------+
| --> http://www.links2linux.de <-- |
| |
+---Registered-Linux-User-#136487------------
http://counter.li.org +
