(Apologies for cc'ing you directly;
my previous attempt to reply to exim-dev either failed or is awaiting
moderation, and I don't have access to the bug system.)

On Sun, 3 Apr 2016, admin@??? wrote:
> https://bugs.exim.org/show_bug.cgi?id=1811
>
> --- Comment #7 from Phil Pennock <pdp@???> ---
> I strongly suspect: lots of configured integrations which do things like talk
> to RDBMSystems or LDAP using credentials from files only accessible to root
> (and not accessible to the runtime user used for delivery, where more
> compromises happen).

The userforward router in the default sample config uses root
access to read the user's .forward file.
Maybe it could be changed to run as the user ...

> Not good. But probably shouldn't be done as the regular runtime user either,
> and would break many configurations too.
>
> Perhaps something worth making an Exim 5.00 jump for, as breaking backwards
> compat? Could clean out various other deprecated options at that time too.