https://bugs.exim.org/show_bug.cgi?id=1811
--- Comment #6 from Heiko Schlittermann <hs@???> ---
According to the comment and the code around
exim.c, line 4300, it seems¹ to be that way:
Test                     | root?
-------------------------+---------------------------
-be    (expansion)       | no    dropped already
-b[fF] (filter)          | no    dropped already
-bh[c] (host)            | no    checking_mode
-brt   (retry)           | yes?  not covered by checking_mode
-brw   (rewrite)         | yes?  not covered by checking_mode
-bt    (address test)    | yes   checking_mode, but exception
-bv[s] (address verify)  | no    checking_mode
I do not see any point in having root privs for any of these operations,
as I think they're there to simulate Exim's behaviour during message
reception (ACL), and during routing. (Probably during delivery for the
rewrite tests).
As far as I understand, all these operations are done with dropped
privileges (running as a daemon, invoked from untrusted users, and
similar situations).
---- [ 10 minutes later ] ----
exim -bP config
# Exim Configuration (4.87_RC6-23-85ffcba)
# 1 "/tmp/exim/etc"
keep_environment =
tls_advertise_hosts =
acl_smtp_rcpt = accept verify = recipient
begin routers
foo:
driver = accept
debug_print = R: ${run{/usr/bin/id}}
transport = null
begin transports
null:
driver = appendfile
debug_print = T: ${run{/usr/bin/id}}
file = /dev/null
Exim does the routing (-bt) with root privileges!
heiko@jumper:~/src/exim/src$ date | /tmp/exim/bin/exim -v info@???
LOG: MAIN
<= heiko@jumper U=heiko P=local S=338
heiko@jumper:~/src/exim/src$ delivering 1alY4R-0000Nk-7Z
R: uid=0(root) gid=999(exim) groups=999(exim)
T: uid=999(exim) gid=999(exim) groups=999(exim)
LOG: MAIN
=> info <info@???> R=foo T=null
LOG: MAIN
Completed
Same if running Exim as a daemon: (exim -bd -v)
1934 LOG: MAIN
1934 exim 4.87_RC6-23-85ffcba daemon started: pid=1934, no queue runs,
listening for SMTP on port 25 (IPv6 and IPv4)
1) 1936 R: uid=999(exim) gid=999(exim) groups=999(exim)
1936 LOG: MAIN
1936 <= <> H=localhost (jumper) [127.0.0.1] P=esmtp S=370
1936 LOG: smtp_connection MAIN
1936 SMTP connection from localhost (jumper) [127.0.0.1] closed by QUIT
1938 Exim version 4.87_RC6-23-85ffcba uid=999 gid=999 pid=1938 D=40001
...
1938 delivering 1alYAy-0000VE-Oo
2) 1938 R: uid=0(root) gid=999(exim) groups=999(exim)
1940 T: uid=999(exim) gid=999(exim) groups=999(exim)
1938 LOG: MAIN
1938 => info <info@???> R=foo T=null
1938 LOG: MAIN
1938 Completed
1) -bv
2) -bt
---------------
Thus, exim.c around line 4300 is right when not dropping the privs for
address testing mode, but in verification mode, as this is equivalent to
the normal operation. So my statement from above is wrong.
But this raises the question of why we need root privs for routing.
Best regards from Dresden/Germany
Many greetings from Dresden
Heiko Schlittermann
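The comment reads the effective identity of each stage by eye from the `R:`/`T:` lines that `debug_print = ... ${run{/usr/bin/id}}` writes into the `-v` output. The following is an added example, not part of the original comment or of Exim, that does the same check mechanically and lists every router or transport expansion that ran with uid 0. The function names are hypothetical and the sample text is constructed to match the shape of the daemon output quoted above.

```python
import re

# Marker lines come from debug_print = "R: ${run{/usr/bin/id}}" (routers)
# and "T: ..." (transports). The daemon's -v output prefixes a pid, and the
# comment above additionally annotates some lines with "1)" / "2)".
MARKER = re.compile(
    r"^(?:\d+\)\s+)?(?:(?P<pid>\d+)\s+)?(?P<stage>[RT]):\s+"
    r"uid=(?P<uid>\d+)\((?P<user>[^)]*)\)\s+"
    r"gid=(?P<gid>\d+)\((?P<group>[^)]*)\)"
)
STAGES = {"R": "router", "T": "transport"}

def parse_markers(text):
    """Return one dict per R:/T: marker line found in Exim -v output."""
    found = []
    for line in text.splitlines():
        m = MARKER.match(line.strip())
        if m:
            found.append({
                "pid": int(m["pid"]) if m["pid"] else None,
                "stage": STAGES[m["stage"]],
                "uid": int(m["uid"]),
                "user": m["user"],
                "gid": int(m["gid"]),
                "group": m["group"],
            })
    return found

def root_stages(text):
    """Return (pid, stage) pairs where the expansion ran with uid 0."""
    return [(r["pid"], r["stage"]) for r in parse_markers(text) if r["uid"] == 0]

# Constructed sample, shaped like the daemon output quoted in the comment.
SAMPLE = """\
1936 R: uid=999(exim) gid=999(exim) groups=999(exim)
1936 LOG: MAIN
1938 delivering 1alYAy-0000VE-Oo
1938 R: uid=0(root) gid=999(exim) groups=999(exim)
1940 T: uid=999(exim) gid=999(exim) groups=999(exim)
1938 LOG: MAIN
"""

if __name__ == "__main__":
    for rec in parse_markers(SAMPLE):
        flag = "ROOT" if rec["uid"] == 0 else "ok"
        print(f'{rec["pid"]} {rec["stage"]:<9} {rec["user"]}:{rec["group"]} {flag}')
```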