Re: [exim] Uid used to access TLS-certificates

Author: Tony Finch
Date:  
To: Timo Neuvonen
CC: exim-users
Subject: Re: [exim] Uid used to access TLS-certificates

On Fri, 11 Feb 2005, Timo Neuvonen wrote:
>
> Now user 'exim' seems to be used to read the certificate files.
> Is there any way to make exim read the certificates as root? Exim
> executable is setuid to root, so it should be possible, I think.


No: Exim doesn't read the certificate until the last possible moment, at
which point it has thrown away all privilege. You can restrict readability
of the certificate to the Exim user to hide it from other users.

(It would probably be safer if Exim had an option to load the certificate
at startup, and prompt for any passphrase; the cert would then be secure
against compromise of the exim user.)

Tony.
--
<fanf@???> <dot@???> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
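
The reply above says Exim opens the certificate only after dropping privilege, so the file must be readable by the Exim user and can be hidden from everyone else. The following check is an added example, not part of the original message or of Exim: it audits a key or certificate file against that requirement. The function name `audit_key_file` and passing the Exim uid as a parameter are assumptions made for illustration.

```python
import os
import stat
import tempfile


def audit_key_file(path, exim_uid):
    """Check a TLS key/cert file that Exim opens after dropping privilege.

    Returns a list of findings; an empty list means the file is readable by
    exim_uid and hidden from other users. (Hypothetical helper name.)
    """
    st = os.lstat(path)  # lstat: do not follow a symlink to another file
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file (symlink or special file)"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid != exim_uid:
        findings.append(f"owned by uid {st.st_uid}, expected {exim_uid}")
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} grants group/other access")
    # Exim reads the file as exim_uid, not root: a root-only file fails.
    if st.st_uid == exim_uid:
        readable = bool(mode & stat.S_IRUSR)
    else:
        readable = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
    if not readable:
        findings.append("not readable by the Exim user")
    return findings


if __name__ == "__main__":
    # Constructed sample: a temp file stands in for the key, and the
    # current uid stands in for the Exim user's uid.
    with tempfile.NamedTemporaryFile() as key:
        for mode in (0o400, 0o644):
            os.chmod(key.name, mode)
            print(f"{mode:04o}", audit_key_file(key.name, os.getuid()) or "ok")
```

A file owned by root with mode 0400 produces both an ownership finding and a "not readable by the Exim user" finding, which is the situation described in the quoted question.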