On 05/06/13 05:59, Phil Pennock wrote:
> + 7. It has always been implicit in the design and the documentation that
> + "the Exim user" is not root. src/EDITME said that using root was
> + "very strongly discouraged". This is not enough to keep people from
> + shooting themselves in the foot in days when many don't configure Exim
> + themselves but via package build managers. The security consequences of
> + running various bits of network code are severe if there should be bugs in
> + them. As such, the Exim user may no longer be root. If configured
> + statically, Exim will refuse to build. If configured as ref:user then Exim
> + will exit shortly after start-up. If you must shoot yourself in the foot,
> + then henceforth you will have to maintain your own local patches to strip
> + the safeties off.
>
> I think that this is a very reasonable balance: I don't claim to know
> your systems well enough to make a better call than you about how to
> manage them, but I do claim that if you're going to use our software
> (and affect our reputation if there's a security incident) then you'll
> need to know how to disengage the safeties before you get to do
> something which we *VERY* strongly discourage.
I think that's more than reasonable and would like to say "me too" to
keeping the protections in place. It is trivial to revert if necessary,
however I think we all seem to agree that any situation which can be
fixed by running as root can be fixed in better ways.
And no worries Ian; it was someone venting, even if misguided, on topic
and not random spam.
