Re: [exim] The Exim SUID thing

Author: Philip Hazel
Date:  
To: José de Paula Eufrásio Júnior
CC: exim-users
Subject: Re: [exim] The Exim SUID thing
On Mon, 2 May 2005, José de Paula Eufrásio Júnior wrote:

> I understand that there's a chance of qmail and postfix extremists being
> present at the talk, and keep heading to the "Exim is insecure because
> it's mono-suided-binary".
> CERT shows that Exim is, indeed, pretty secure, but I'm searching for
> more technical explanations. I know Exim drops its root privileges
> after the routing (?) phase, but I don't know enough of programming to
> understand and discuss the "monolith problem".


Some additional technical facts:

. Exim's daemon also drops privilege as soon as it has started up and
bound to port 25 (and any other ports). Exim is never running as root
when it is communicating with an external host.

. Exim uses only setuid() when dropping privilege; it does NOT use
seteuid(). The only way it can regain privilege is by re-exec of the
binary.

See also chapter 51 of the reference manual.


-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book
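
The setuid()-versus-seteuid() point in the message above, as an added C example (not Exim's code and not part of the original post): when called as root, setuid() replaces the real, effective and saved user IDs together, so a later setuid(0) or seteuid(0) fails, whereas seteuid() alone leaves the saved ID in place. The function names are hypothetical, and 65534 is an assumed unprivileged "nobody" ID used only when the program is started as root.

```c
#define _DEFAULT_SOURCE          /* exposes setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently drop to uid/gid. Groups and gid go first: once setuid()
 * has succeeded the process no longer has the right to change them. */
static int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1; /* clear supplementary groups */
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1; /* as root: sets real, effective and saved uid */
    return 0;
}

/* After the drop every id must equal the target and root must be unreachable. */
static int drop_is_permanent(uid_t uid, gid_t gid)
{
    if (getuid() != uid || geteuid() != uid) return 0;
    if (getgid() != gid || getegid() != gid) return 0;
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0)) return 0;
    return 1;
}

/* Do the drop in a forked child so the caller keeps its own identity.
 * Returns 0 = dropped for good, 1 = drop failed, 2 = root regainable, -1 = fork/wait error. */
int drop_and_verify_in_child(uid_t uid, gid_t gid)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (drop_privileges(uid, gid) != 0) _exit(1);
        _exit(drop_is_permanent(uid, gid) ? 0 : 2);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    int root = (geteuid() == 0);
    uid_t uid = root ? 65534 : getuid();   /* 65534: assumed "nobody" id */
    gid_t gid = root ? 65534 : getgid();
    int rc = drop_and_verify_in_child(uid, gid);
    printf("drop to uid %lu: %s\n", (unsigned long)uid, rc == 0 ? "permanent" : "FAILED");
    return rc == 0 ? 0 : 1;
}
```

Checking the return value of every set*id() call matters as much as the call order: a drop that fails silently leaves the process running as root.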