On Mon, 17 Jan 2005, Ian FREISLICH wrote:
> Philip Hazel wrote:
>
> > . this time, however, the caller of exim is NOT root (it is the "exim"
> > uid) so the process gives up root privilege, and runs as "exim"
>
> Is this not a documentation bug then?
Yes. The code is correct, because you don't want an attacker who has
compromised the Exim user to be able to choose the configuration file.
Tony.
--
<fanf@???> <dot@???>
http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}