Re: [exim-dev] Exim4 spool directory symlink local root esca…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Jeremy Harris
Date:  
À: exim-dev
Sujet: Re: [exim-dev] Exim4 spool directory symlink local root escalation - does this apply to 4.87?
On 14/09/16 19:42, Phil Pennock wrote:
> On 2016-09-11 at 22:41 +0100, Jeremy Harris wrote:
>> There's a minor complication in that the -J file is opened in two
>> places (as it happens, in a single routine: deliver_messsage()).
>
> Why is the journal ever being opened as root, instead of as the Exim
> run-time user? That seems like a flaw, and a root-cause to be
> addressed.


I don't know - but it is described in docs:

(ch.55)
========
A delivery process retains root privilege throughout most of its execution
[... except for transport subprocesses ]
Once all the delivery subprocesses have been run, a delivery process
changes to the Exim uid and gid while doing post-delivery tidying up
such as updating the retry database and generating bounce and warning
messages.

While the recipient addresses in a message are being routed, the
delivery process runs as root. However, if a user’s filter file has to
be processed, this is done in a [less-priv] subprocess
========

It doesn't give a rationale.

--
Cheers,
Jeremy