Author: W B Hacker Date: To: Axel Rau CC: Phil Pennock, exim-dev Subject: Re: [exim-dev] [Bug 1031] Implement database logging of completed
remote delivery
Axel Rau wrote: >
> Am 14.02.2011 um 19:16 schrieb Phil Pennock:
>
>>
>> Will you settle for 4.76? :)
> OK.
> ...
>
>> although I do wonder about what happens with DB connections
>> happening from multiple users, depending on which user Exim was running
>> as when it opened the connection?
>
> You mean a multi-users system, where exim is used for submission?
> If exim is not setuid root/exim_user then my code won't work
> in that situation. It requires either setuid executable or an outgoing
> relay,
> which would do the job. Same is true with other DB-lookups.
> All my experience is based on networked clients which connect to a daemon
> (usually IMAP with submission capability) on a server which has no user
> accounts on it.
>
> Axel
> ---
> axel.rau@??? PGP-Key:29E99DD6 +49 151 2300 9283 computing @ chaos
> claudius
>
>
>
Axel, all...
Coming late to a discussion not of my making .. worse, probably forgetting
earlier discussions...
...but one has never needed setuid root <nor anything else special> to write
logs or, indeed essentially *anything* into a DB with *unpatched* Exim 4.4X
onward..
All that is needed is a valid set of DB access credentials and the use of
'INSERT', 'UPDATE', etc (for SQL, anyway...) from anywhere in acl's or
router/transports. And that's just the built-in route.
Externals can be called as well.
What is it that is seen to be in need of patched/new code?
And should the offered patch be the one thaqt makes the cut if it *requires* setuid?
