[exim-dev] [Bug 1811] exim -bt vs exim -bv uses different ui…

Top Page
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 1811] exim -bt vs exim -bv uses different uid/gid
https://bugs.exim.org/show_bug.cgi?id=1811

--- Comment #3 from Phil Pennock <pdp@???> ---
Ah, indeed they match, until:

`-bt`:
Address testing: uid=0 gid=16 euid=0 egid=16

`-bv`:
Verifying: uid=16 gid=16 euid=16 egid=16

exim.c:
4875   if (verify_address_mode)
4876     {
4877     if (!verify_as_sender) flags |= vopt_is_recipient;
4878     DEBUG(D_verify) debug_print_ids(US"Verifying:");
4879     }
4880 
4881   else
4882     {
4883     flags |= vopt_is_recipient;
4884     debug_selector |= D_v;
4885     debug_file = stderr;
4886     debug_fd = fileno(debug_file);
4887     DEBUG(D_verify) debug_print_ids(US"Address testing:");
4888     }


The difference comes a little before that, when the `-bv` output includes:

changed uid/gid: privilege not needed
uid=16 gid=16 pid=21839

This from:
4291 /* If Exim was started with root privilege, unless we have already removed
the
4292 root privilege above as a result of -C, -D, -be, -bf or -bF, remove it now
4293 except when starting the daemon or doing some kind of delivery or address
4294 testing (-bt). These are the only cases when root need to be retained. We
run
4295 as exim for -bv and -bh. However, if deliver_drop_privilege is set, root
is
4296 retained only for starting the daemon. We always do the initgroups() in
this
4297 situation (controlled by the TRUE below), in order to be as close as
possible
4298 to the state Exim usually runs in. */
4299 
4300 if (!unprivileged &&                      /* originally had root AND */
4301     !removed_privilege &&                 /* still got root AND      */
4302     !daemon_listen &&                     /* not starting the daemon */
4303     queue_interval <= 0 &&                /* (either kind of daemon) */
4304       (                                   /*    AND EITHER           */
4305       deliver_drop_privilege ||           /* requested unprivileged  */
4306         (                                 /*       OR                */
4307         queue_interval < 0 &&             /* not running the queue   */
4308         (msg_action_arg < 0 ||            /*       and               */
4309           msg_action != MSG_DELIVER) &&   /* not delivering and      */
4310         (!checking || !address_test_mode) /* not address checking    */
4311         )
4312       ))
4313   {
4314   exim_setugid(exim_uid, exim_gid, TRUE, US"privilege not needed");
4315   }


So the question is why does this assert that root is still needed for
address-testing, in the comment and in the code?

--
You are receiving this mail because:
You are on the CC list for the bug.