Re: [exim-dev] Exim4 spool directory symlink local root esca…

Author: Jeremy Harris
Date:  
To: exim-dev
Subject: Re: [exim-dev] Exim4 spool directory symlink local root escalation - does this apply to 4.87?
On 14/09/16 19:42, Phil Pennock wrote:
> On 2016-09-11 at 22:41 +0100, Jeremy Harris wrote:
>> There's a minor complication in that the -J file is opened in two
>> places (as it happens, in a single routine: deliver_message()).
>
> Why is the journal ever being opened as root, instead of as the Exim
> run-time user? That seems like a flaw, and a root-cause to be
> addressed.


I don't know - but it is described in docs:

(ch.55)
========
A delivery process retains root privilege throughout most of its execution
[... except for transport subprocesses ]
Once all the delivery subprocesses have been run, a delivery process
changes to the Exim uid and gid while doing post-delivery tidying up
such as updating the retry database and generating bounce and warning
messages.

While the recipient addresses in a message are being routed, the
delivery process runs as root. However, if a user’s filter file has to
be processed, this is done in a [less-priv] subprocess
========

It doesn't give a rationale.

--
Cheers,
Jeremy
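
As an added illustration (not part of this message and not Exim's code): when a privileged process has to open a file in a directory that a less-privileged user can write to, it can refuse symlinks and hard links at open time. `open_journal`, `selftest` and the file names are hypothetical, and the scenario runs in a constructed temporary directory.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not an Exim function): open `name` inside the
 * directory `dirfd` for appending, refusing a symlink as the final path
 * component and anything that is not a singly-linked regular file owned
 * by `owner`. Returns an fd, or -1 with errno set. */
int open_journal(int dirfd, const char *name, uid_t owner)
{
    struct stat st;
    int fd = openat(dirfd, name,
                    O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;                      /* ELOOP: final component is a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != owner || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;                  /* wrong type, wrong owner, or hard-linked */
        return -1;
    }
    return fd;
}

/* Constructed scenario in a private temp directory; returns 0 if the plain
 * file opens and both the symlink and the hard link are refused. */
int selftest(void)
{
    char dir[] = "/tmp/jrnl-XXXXXX";
    if (!mkdtemp(dir)) return 1;
    int d = open(dir, O_RDONLY | O_DIRECTORY), rc = 0, fd;
    if (d < 0) return 1;

    if ((fd = open_journal(d, "msg-J", geteuid())) < 0) rc |= 2; else close(fd);
    if (symlinkat("msg-J", d, "sym-J") != 0) rc |= 1;
    if (open_journal(d, "sym-J", geteuid()) >= 0 || errno != ELOOP) rc |= 4;
    if (linkat(d, "msg-J", d, "hard-J", 0) != 0) rc |= 1;
    if (open_journal(d, "hard-J", geteuid()) >= 0 || errno != EPERM) rc |= 8;

    unlinkat(d, "sym-J", 0); unlinkat(d, "hard-J", 0); unlinkat(d, "msg-J", 0);
    close(d); rmdir(dir);
    return rc;
}

int main(void) { int rc = selftest(); printf("selftest rc=%d\n", rc); return rc; }
```

`O_NOFOLLOW` only covers the final path component, so this check complements opening the file as the less-privileged user and does not replace it.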