Re: [exim-dev] What user should ${run...} in config file run…

トップ ページ
このメッセージを削除
このメッセージに返信
著者: David Woodhouse
日付:  
To: Graeme Fowler
CC: exim-dev
題目: Re: [exim-dev] What user should ${run...} in config file run as?
On Mon, 2010-12-13 at 09:22 +0000, Graeme Fowler wrote:
> OK, so here's the bit I don't understand...
>
> When exim is invoked as a daemon, it does some things as root and then
> drops privileges down to the defined Exim user. The question is - if run
> as a daemon, *how* does it "hang on" to some root privileges in the
> first place?


It will drop privs when run as a dæmon, and it *cannot* get them back.

> I've just looked in expand.c (where the ${run construct is expanded and
> handled) and that doesn't contain anything which would cause Exim to go
> up the auth stack, as it were.


It doesn't work like that. You cannot *gain* root privs; you can only
give them away if your process was started with them.

So what it does is fork and exec a *new* Exim process to do the
delivery. That version of Exim doesn't drop privs.

--
dwmw2