[exim-dev] [Bug 1811] exim -bt vs exim -bv uses different ui…

トップ ページ
このメッセージを削除
このメッセージに返信
著者: admin
日付:  
To: exim-dev
題目: [exim-dev] [Bug 1811] exim -bt vs exim -bv uses different uid/gid
https://bugs.exim.org/show_bug.cgi?id=1811

--- Comment #8 from Heiko Schlittermann <hs@???> ---
(In reply to Phil Pennock from comment #7)
> I strongly suspect: lots of configured integrations which do things like
> talk to RDBMSystems or LDAP using credentials from files only accessible to
> root (and not accessible to the runtime user used for delivery, where more
> compromises happen).
>
> Not good. But probably shouldn't be done as the regular runtime user
> either, and would break many configurations too.
>
> Perhaps something worth making an Exim 5.00 jump for, as breaking backwards
> compat? Could clean out various other deprecated options at that time too.


We have already deliver_drop_privilege, it does the Routing (and -bt)
as the Exim user.

(54.3. Running Exim without privilege)

Writing this, I have the feeling, that my original issue is almost pointless,
as Exim already has what I was missing and that -bt/-bv do a good job in
simulating the real routing/delivery process.

Maybe it should be pointed out, that we have verification vs routing/delivery
and hence there are some traps.

I'm not sure how deliver_drop_privilege interacts with reading an 0600 .forward
file. And I can imagine for some further version (5) we make
deliver_drop_privilege defaulting to true.

--
You are receiving this mail because:
You are on the CC list for the bug.