Re: [exim] Uid used to access TLS-certificates

Author: Tony Finch
Date:  
To: Timo Neuvonen
CC: exim-users
Subject: Re: [exim] Uid used to access TLS-certificates
On Fri, 11 Feb 2005, Timo Neuvonen wrote:
>
> Now user 'exim' seems to be used to read the certificate files.
> Is there any way to make exim read the certificates as root? Exim
> executable is setuid to root, so it should be possible, I think.


No: Exim doesn't read the certificate until the last possible moment, at
which point it has thrown away all privilege. You can restrict readability
of the certificate to the Exim user to hide it from other users.

(It would probably be safer if Exim had an option to load the certificate
at startup, and prompt for any passphrase; the cert would then be secure
against compromise of the exim user.)

Tony.
--
<fanf@???> <dot@???> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
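
The restriction suggested in the message above (certificate readable only by the Exim user), as an added shell check that is not part of the original post or of Exim itself. The function names and the example path are hypothetical, and the account name `exim` is an assumption; pass whatever uid your Exim runs as.

```shell
#!/bin/sh
# Added example (not from the original message): check that a TLS
# certificate or key file can be read only by the account Exim runs as.
# Assumption: the caller supplies that account's numeric uid, for
# instance from `id -u exim` when the Exim user is named "exim".

# Print "<owner-uid> <octal-mode>" for a file, following symlinks.
# Tries GNU stat first, then the BSD form.
file_uid_mode() {
    stat -L -c '%u %a' "$1" 2>/dev/null || stat -L -f '%u %Lp' "$1"
}

# check_tls_file PATH EXPECTED_UID
# Returns 0 if PATH is a regular file owned by EXPECTED_UID with no group
# or other permission bits, 1 on a finding, 2 if it cannot be checked.
check_tls_file() {
    path=$1
    want_uid=$2
    rc=0

    [ -f "$path" ] || { echo "ERROR $path: not a regular file"; return 2; }
    meta=$(file_uid_mode "$path") || { echo "ERROR $path: stat failed"; return 2; }
    uid=${meta% *}
    mode=${meta#* }

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL  $path: owned by uid $uid, expected $want_uid"
        rc=1
    fi

    # Pad so that a mode printed as "0" still has two trailing digits.
    case "00$mode" in
        *00) ;;   # group and other digits are both 0
        *)  echo "FAIL  $path: mode $mode lets group or other users in"
            rc=1 ;;
    esac

    if [ "$rc" -eq 0 ]; then
        echo "OK    $path: uid $uid, mode $mode"
    fi
    return "$rc"
}

# Usage (the path is a placeholder):
#   check_tls_file /path/to/exim.key "$(id -u exim)"
```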