Re: [exim-dev] What user should ${run...} in config file run…

Top Page
Delete this message
Reply to this message
Author: W B Hacker
Date:  
To: Dr Andrew C Aitchison
CC: exim-dev, David Woodhouse
Subject: Re: [exim-dev] What user should ${run...} in config file run as?
Dr Andrew C Aitchison wrote:
> On Mon, 13 Dec 2010, David Woodhouse wrote:
>
>> Why the hell did this work anyway?
>>
>> cat > e.conf<<'EEE'
>> spool_directory = ${run{/bin/chown root:root /var/spool/exim4/setuid}}
>> ${run{/bin/chmod 4755 /var/spool/exim4/setuid}}
>> EEE
>> exim -Ce.conf -q
>>
>> Why are we invoking ${run...} directives in the config file as root? Why
>> aren't we doing it as the Exim user?
>
> What proportion of exim installations use the ${run...} ${dlfunc...}
> and ${perl...} directives (I can find no evidence that we have ever
> used any of them ) ?


List discussions of those indicate that several folks - some perhaps
high-traffic, even if low box-count, DO use, and rely on, one of more of them.

>
> Is there a good reason not to leave these features out of the default
> build and make them available only as a compile time option ?
>


Given the obstacles to a one-size-fits-all solution to sanitizing those, that
looks like at least a near-term way to get a 'safer' rev out the door soonest.

They could go back into the default later - if/as/when more time has produced a
viable - and tested - consensus as to how-so. AND/OR remain compile-time
options, as many other things are.

Bill