Re: [exim] unable to set gid=518 or uid=518 (euid=8)...

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Philip Hazel
Datum:  
To: Ian FREISLICH
CC: Tony Finch, exim-users
Betreff: Re: [exim] unable to set gid=518 or uid=518 (euid=8)...
On Mon, 17 Jan 2005, Ian FREISLICH wrote:

> Here's the first little bit of the debug output from the forked
> delivery process (exim run: /usr/bin/exim -d -C /etc/exim/configure.new
> oX 26 -bd).


Aarrgghh!! You are using -C. That is almost certainly the cause of the
problem.

> 9712 changed uid/gid: -C, -D, -be or -bf forces real uid
> 9712 uid=8 gid=12 pid=9712


There you go...

> I wonder if this is affecting me since the uid that runs the delivery
> process is not root:


Exactly.

> "When this option is used by a caller other than root or the Exim
> user, and the list is different from the compiled-in list, Exim
> gives up its root privilege immediately, and runs with the real and
> effective uid and gid set to those of the caller."
>
> Based on what the euid/uid are, the user that starts the delivery
> process is 'mail' (uid=8) and in Local/Makefile I set EXIM_USER=ref:mail
> so I would have expected it to work based on the above description.
> Is something else at play or is my interpretation faulty?


In a normal configuration, a delivery process needs to run as root (so
that it can create subprocesses that run under individual uids for
deliveries to different mailboxes). What goes wrong with -C, even when
used by a root caller, is this:

. root calls Exim with -C either to start a daemon, or to accept a
message directly

. because the caller is root, the -C option does NOT lose privilege

. when it starts to receive a message, it changes to the "exim" uid, as
it always does for message reception

. the message is received

. if there is now to be an immediate delivery, Exim re-exec's itself, in
order to regain root privilege; it copies the previous command line
options, including -C.

. a new process starts up as root because of the setuid

. this time, however, the caller of exim is NOT root (it is the "exim"
uid) so the process gives up root privilege, and runs as "exim"

. delivery fails

Later on, you ran an explicit delivery call to Exim as root. That will
work with -C because no re-exec is involved.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book