On Tue, 15 Feb 2005, Timo Neuvonen wrote:
> A workaround might be making temporary working copies of the files at the
> time of startup, when root privileges are available, and granting 'exim'
> user the access rights to the files thereafter. So these temporary files
> could then be passed to the library. But I just don't know if it increased
> security by any means, since there would be temporary copies of key and
> certificate files hanging around the filesystem. If they could be just
> pointers to some memory area allocated to exim, then things maybe were
> different - then there would be no real file.
Seems very complicated, for no real gain in security. Even if held in
main memory, the data would be readable by the exim user. So I don't
think there's any gain over just having the files owned and accessible
only by exim.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book
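
A check for the arrangement the reply settles on (key and certificate files owned by, and accessible only to, the exim user), as an added example that is not part of the original messages or of Exim itself. The function name `audit_key_file`, the default account name `exim` and the command-line form are assumptions made for illustration.

```python
import os
import pwd
import stat
import sys


def audit_key_file(path, expected_uid):
    """Return a list of findings; an empty list means the file passes."""
    st = os.lstat(path)  # lstat: inspect the path itself, not a symlink target
    if stat.S_ISLNK(st.st_mode):
        return [f"{path}: is a symlink; audit the file it points to"]
    if not stat.S_ISREG(st.st_mode):
        return [f"{path}: not a regular file"]

    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid != expected_uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected {expected_uid}")
    # Any group or other permission bit lets an account besides the owner in.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path}: mode {mode:04o} grants group/other access")
    # A second hard link is another name for the same key material, the same
    # "copies hanging around the filesystem" concern raised in the thread.
    if st.st_nlink > 1:
        findings.append(f"{path}: has {st.st_nlink} hard links")
    return findings


if __name__ == "__main__":
    # Usage (assumed form): audit.py KEYFILE [USER]   (USER defaults to "exim")
    if len(sys.argv) < 2:
        sys.exit("usage: audit.py KEYFILE [USER]")
    user = sys.argv[2] if len(sys.argv) > 2 else "exim"
    uid = pwd.getpwnam(user).pw_uid
    problems = audit_key_file(sys.argv[1], uid)
    for line in problems:
        print(line)
    sys.exit(1 if problems else 0)
```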