Re: [exim] exim4 needs CAP_SYS_RESOURCE?

Author: Marc Schiffbauer
Date:  
To: exim-users
Subject: Re: [exim] exim4 needs CAP_SYS_RESOURCE?

* Philip Hazel wrote on 14.09.04 at 10:35:
> On Mon, 13 Sep 2004, Marc Schiffbauer wrote:
>
> > I am a bit confused because my exim 4.34 wants to make use of the
> > Linux SYS_RESOURCE Capability.
> >
> > My Question is: Does anybody know if it really needs it? And if yes,
> > why?
>
> I'm not knowledgeable in this area, but my guess is that this happens as
> a result of the code that is obeyed following this comment in the Exim
> source:
>
> /* When started with root privilege, ensure that the limits on the number of
> open files and the number of processes (where that is accessible) are    
> sufficiently large, or are unset, in case Exim has been called from an      
> environment where the limits are screwed down. Not all OS have the ability to
> change some of these limits. */   


Hm. Maybe that's the answer, thanks.

So I think from a security point of view it would not be wise to
enhance the ACL to give exim permission to do this.

I discovered that this always happens, if apache uses the exim4
binary.

Question is: Can this behavior be disabled with some switch or
config change? www-data is a trusted user already, so that seems not
to be a solution...

-Marc

--
+------------------------------------------------------------------+
|              --> http://www.links2linux.de <--                   |
|                                                                  |

+---Registered-Linux-User-#136487------------http://counter.li.org +
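
An added illustration, not part of the original message and not Exim's code: on Linux, per setrlimit(2), only a request that raises a hard limit is checked against CAP_SYS_RESOURCE, while raising the soft limit up to the existing hard limit needs no capability. The function names and the target of 1000 descriptors are assumptions made for this sketch.

```c
#include <stdio.h>
#include <sys/resource.h>

/* On Linux RLIM_INFINITY is the largest rlim_t value, so plain comparisons
   order it correctly against finite limits. */

/* 1 if moving from *cur to *want raises the hard limit; per setrlimit(2)
   that is the case the kernel allows only with CAP_SYS_RESOURCE. */
int needs_cap_sys_resource(const struct rlimit *cur, const struct rlimit *want)
{
    return want->rlim_max > cur->rlim_max;
}

/* Request that gets the soft limit as close to `target` as the existing hard
   limit allows. It never lowers anything and never touches the hard limit. */
struct rlimit unprivileged_request(const struct rlimit *cur, rlim_t target)
{
    struct rlimit req = *cur;
    if (req.rlim_cur < target)
        req.rlim_cur = target < cur->rlim_max ? target : cur->rlim_max;
    return req;
}

int main(void)
{
    const rlim_t target = 1000;   /* constructed value for the demonstration */
    struct rlimit cur, both, req;

    if (getrlimit(RLIMIT_NOFILE, &cur) != 0) { perror("getrlimit"); return 1; }
    both.rlim_cur = both.rlim_max = target;   /* a "set both limits" request */
    printf("current soft=%llu hard=%llu\n",
           (unsigned long long)cur.rlim_cur, (unsigned long long)cur.rlim_max);
    printf("setting both to %llu needs CAP_SYS_RESOURCE: %s\n",
           (unsigned long long)target,
           needs_cap_sys_resource(&cur, &both) ? "yes" : "no");

    req = unprivileged_request(&cur, target);
    if (setrlimit(RLIMIT_NOFILE, &req) != 0) { perror("setrlimit"); return 1; }
    printf("soft limit now %llu without using the capability\n",
           (unsigned long long)req.rlim_cur);
    return 0;
}
```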