Re: [exim-dev] Pipe transport run by user?

Top Page
Delete this message
Reply to this message
Author: Bryan Henderson
Date:  
To: exim-dev
Subject: Re: [exim-dev] Pipe transport run by user?
>There are sites that do no local deliveries that are able to run Exim
>setuid "exim" rather than setuid "root".


I've been giving a lot of thought to this too, because I use a lot
less privilege on my systems than people conventionally do -- smaller
setuid programs and Linux fine-grained capabilities -- and Exim stands
out as the biggest, most complex user of root privilege in the system.

Does it have to be setuid anything? It seems to me that the Exim
executable is 3 things, at least the way I use it: 1) an SMTP server;
2) a mail originator; 3) an administrator for the SMTP server and mail
queue.

The SMTP server can just run as real 'exim' (no setuid), right? The
piped-to transport program would be setuid so that it can make local
deliveries. It can also handle forwarding, or .forward files can
simply be world readable. It can inherit it's Port 25 socket.

As a mail originator, Exim wants to directly access the mail queue for
local deliveries, but it doesn't have to. It could take advantage of
a setuid pipe transport program. Or that program could be executable
only by 'exim' and the mail originator could do an SMTP connection to
localhost. Is there a way today to configure Exim to do that (Use
SMTP transport for locally originated locally bound mail, but local
transport for SMTP originated locally bound mail)? Is there maybe
some other simple SMTP client program that one could use with an MUE
instead of Exim?

As an administrator program, I think as worst case, a real superuser
process could invoke the program, and that ought to let it do what it
needs to do.

>Exim hard-codes its configuration file, and then takes everything else
>from there.


I noticed, and I really appreciate that (along with the fact that one
can choose a different config file at run time, with appropriate loss
of setuid-based privilege).

-- 
Bryan Henderson                                    Phone 408-621-2000
San Jose, California