Re: [exim] The problem with Free Software

Author: Ted Cooper
Date:  
To: exim-users
Subject: Re: [exim] The problem with Free Software
On 05/06/13 05:59, Phil Pennock wrote:
> + 7. It has always been implicit in the design and the documentation that
> +    "the Exim user" is not root.  src/EDITME said that using root was
> +    "very strongly discouraged".  This is not enough to keep people from
> +    shooting themselves in the foot in days when many don't configure Exim
> +    themselves but via package build managers.  The security consequences of
> +    running various bits of network code are severe if there should be bugs in
> +    them.  As such, the Exim user may no longer be root.  If configured
> +    statically, Exim will refuse to build.  If configured as ref:user then Exim
> +    will exit shortly after start-up.  If you must shoot yourself in the foot,
> +    then henceforth you will have to maintain your own local patches to strip
> +    the safeties off.
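
Review bot: the "If configured as ref:user" sentence says Exim "will exit shortly after start-up" but gives the administrator no way to tell why the daemon died, which matters most for the packaged installs this entry is aimed at. Suggest stating where the refusal is reported and the wording to look for. Likewise, "If configured statically, Exim will refuse to build" could name the build-time setting in src/EDITME that triggers the refusal, since the entry already cites that file.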

>
> I think that this is a very reasonable balance: I don't claim to know
> your systems well enough to make a better call than you about how to
> manage them, but I do claim that if you're going to use our software
> (and affect our reputation if there's a security incident) then you'll
> need to know how to disengage the safeties before you get to do
> something which we *VERY* strongly discourage.


I think that's more than reasonable and would like to say "me too" to
keeping the protections in place. It is trivial to revert if necessary;
however, I think we all seem to agree that any situation which can be
fixed by running as root can be fixed in better ways.

And no worries Ian; it was someone venting, even if misguided, on topic
and not random spam.