Re: [exim] Uid used to access TLS-certificates

Página Inicial
Esta mensagem é parte da seguinte discussão:
M\Árvore completa da discussão ordenada por data
MMTony Finch em <-
MMTony Finch em ->
Delete this message
Reply to this message
Autor: Bill Hacker
Data:  
CC: exim-users
Assunto: Re: [exim] Uid used to access TLS-certificates
Tony Finch wrote:

> On Fri, 11 Feb 2005, Timo Neuvonen wrote:
>
>>Now user 'exim' seems to be used to read the certificate files.
>>Is there any way to make exim to read the certificates as root? Exim
>>executable is setuid to root, so it should be possible, I think.
>
>
> No: Exim doesn't read the certificate until the last possible moment, at
> which point it has thrown away all privilege. You can restrict readability
> of the certificate to the Exim user to hide it from other users.
>
> (It would probably be safer if Exim had an option to load the certificate
> at startup, and prompt for any passphrase; the cert would then be secure
> against compromise of the exim user.)
>
> Tony.

Hmmm.....

'What if'...

- The path to the cert was an SQL call (cert being stored in the DB)

AND

- the connecting IP was passed as part of the "SELECT ...."

Might that not provide both a means of storing an already unlocked cert
(somewhat) more securely

AND

- providing the cert that matched the domain the IP was assigned to in
multi hosting environments?

Bill Hacker




Esta mensagem foi enviada para as seguintes listas:
Exim-users
Informações da lista | Mensagens recentes		<-Re: [exim] Using exim over a GPRS connectionRe: [exim] Uid used to access TLS-certificates->
Tahini and Hummus and Cumin Development Archives administrado por cumin AdminsLurker (versão 2.3)