Re: [exim-dev] [Bug 1031] Implement database logging of comp…

Author: W B Hacker
Date:  
To: Axel Rau
CC: Phil Pennock, exim-dev
Subject: Re: [exim-dev] [Bug 1031] Implement database logging of completed remote delivery
Axel Rau wrote:
>
> Am 15.02.2011 um 14:23 schrieb W B Hacker:
>
>> Axel Rau wrote:
>>>
>>> Am 14.02.2011 um 19:16 schrieb Phil Pennock:
>>>
>>>>
>>>> Will you settle for 4.76? :)
>>> OK.
>>> ...
>>>
>>>> although I do wonder about what happens with DB connections
>>>> happening from multiple users, depending on which user Exim was running
>>>> as when it opened the connection?
>>>
>>> You mean a multi-users system, where exim is used for submission?
>>> If exim is not setuid root/exim_user then my code won't work
>>> in that situation. It requires either setuid executable or an outgoing
>>> relay, which would do the job. Same is true with other DB-lookups.
>>> All my experience is based on networked clients which connect to a
>>> daemon (usually IMAP with submission capability) on a server which has
>>> no user accounts on it.
>>>
>>> Axel
>>> ---
>>> axel.rau@??? PGP-Key:29E99DD6 +49 151 2300 9283 computing @ chaos
>>> claudius
>>>
>>>
>>>
>>
>> Axel, all...
>>
>> Coming late to a discussion not of my making .. worse, probably
>> forgetting earlier discussions...
> Thanks for bringing this back to me, giving me a chance to clarify.
>>
>> ...but one has never needed setuid root <nor anything else special> to
>> write logs or, indeed essentially *anything* into a DB with
>> *unpatched* Exim 4.4X onward..
>>
>> All that is needed is a valid set of DB access credentials and the use
>> of 'INSERT', 'UPDATE', etc (for SQL, anyway...) from anywhere in acl's
>> or router/transports. And that's just the built-in route.
>>
>> Externals can be called as well.
>>
>> What is it that is seen to be in need of patched/new code?
>>
>> And should the offered patch be the one that makes the cut if it
>> *requires* setuid?
> My patch does not change this.
>
> I'm using FreeBSD ports and what I see: the exim executable is installed
> setuid root and it's running as mailnull (which owns spool directory
> etc).


ACK for 'vanilla' FreeBSD port. Slightly different for OpenBSD.

But ONLY for 'vanilla' ... there are other roads ...

> However I'm using ssl to access the db-server and hence in the
> home of mailnull (which is /var/spool/mqueue) is a subdirectory
> .postgresql with the cert and key files to access the db (instead of a
> password in the exim config). This works because my mail servers have no
> user accounts and everything is handled by mailnull.
>


If 'on box', I'd recommend sockets, not IP.

If OFF box, not JUST SSL/TLS alone... yadda....

> The decision, to use ssl or not is up to the administrator.
>
> If no ssl being used, then a password must be supplied in the exim
> config, which I personally don't like.
>
> Axel
> ---


The 'vanilla' method of storing the DB creds in ~/configure is generally 'good
enough', especially with 'hide..', plus restricted read perms:

-r--r----- 1 root postal 51483 Feb 15 04:33 configure

.. and no setuid on the binary.

However - w/r DB use in general, from the Exim side, I think this is an edge
case either my way OR your way.

Nothing wrong with those.

But a few minutes to compile from modified source to fit an edge-case should be
well justified and all that's needed - not a change to the base. Or at least not
THIS change.

IMHO, it seems a bit too dependent on broad assumptions and rather narrower in
application/payback.

Bill Hacker
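
An added example, not part of the original message or of Exim: a shell check for the setup described above (DB credentials in `configure`, the `hide` prefix, read permissions restricted to `r--r-----`, no setuid on the binary). The function name `audit_exim_conf` and the list of `*_servers` options it looks for are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit an Exim configure file that carries DB credentials.
# audit_exim_conf CONFIG [BINARY] prints one line per finding, nothing if clean.
# The function name and the option list below are choices made for this example.

audit_exim_conf() {
    conf=$1
    bin=${2:-}

    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 0; }

    # Any permission bit for 'other' defeats the r--r----- layout.
    if [ -n "$(find "$conf" -prune -perm -004 -print)" ]; then
        echo "FAIL: $conf is world-readable"
    fi
    if [ -n "$(find "$conf" -prune -perm -002 -print)" ]; then
        echo "FAIL: $conf is world-writable"
    fi

    # *_servers options can hold host/db/user/password. Without the 'hide'
    # prefix, 'exim -bP' prints the value to non-admin callers.
    # Report line numbers only, never the value itself.
    for n in $(grep -nE '^[[:space:]]*(mysql|pgsql|oracle|ibase)_servers[[:space:]]*=' "$conf" | cut -d: -f1); do
        echo "FAIL: $conf line $n: *_servers option without 'hide'"
    done

    # Informational only: some packaged builds install the binary setuid root,
    # the setup recommended in this message does not.
    if [ -n "$bin" ] && [ -u "$bin" ]; then
        echo "NOTE: $bin is setuid"
    fi
    return 0
}

# Run directly: sh audit.sh /path/to/configure [/path/to/exim]
if [ $# -gt 0 ]; then
    audit_exim_conf "$@"
fi
```

A `pgsql_servers` line that relies on client certificates and carries no password is still flagged; treat that finding as a prompt to review the line.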