Author: Jeremy Harris
Date:
To: exim-dev
Subject: Re: [exim-dev] Exim4 spool directory symlink local root escalation - does this apply to 4.87?

On 14/09/16 19:42, Phil Pennock wrote:
> On 2016-09-11 at 22:41 +0100, Jeremy Harris wrote:
>> There's a minor complication in that the -J file is opened in two
>> places (as it happens, in a single routine: deliver_message()).
>
> Why is the journal ever being opened as root, instead of as the Exim
> run-time user? That seems like a flaw, and a root-cause to be
> addressed.

The journal is opened, and plundered for already-delivered addresses,
before the system filter is run. And we have options for setting
uid & gid for the running of a system filter; since we don't use
seteuid() we cannot regain root in order to set the desired uid.
So we have to be root... unless we rejig things greatly.
--
Cheers,
Jeremy
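
The following is an added example, not part of the original message and not Exim's code: one way a process that must stay root can open a journal file without following a planted symlink, checking the opened object rather than its name. The function names, the temporary directory and the file names are hypothetical and constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not an Exim function): open a journal file while
 * privileged, refusing a symlink as the final path component and anything
 * that is not a singly-linked regular file owned by expected_uid.
 * O_NOFOLLOW does not protect earlier path components. Returns fd or -1. */
int open_journal_nofollow(const char *path, uid_t expected_uid)
{
    struct stat st;
    int fd = open(path, O_RDWR | O_APPEND | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;                 /* symlink, missing file, or no access */
    /* fstat the descriptor, not the name, so the check cannot be raced. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != expected_uid) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed self-check in a temporary directory: returns 1 when the real
 * file is accepted and a symlink pointing at it is rejected. */
int journal_open_selfcheck(void)
{
    char dir[] = "/tmp/jdemoXXXXXX", real[64], lnk[64];
    int fd, ok;
    if (!mkdtemp(dir)) return 0;
    snprintf(real, sizeof real, "%s/sample-J", dir);   /* constructed name */
    snprintf(lnk, sizeof lnk, "%s/planted-J", dir);    /* constructed name */
    fd = open(real, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd < 0 || close(fd) != 0 || symlink(real, lnk) != 0) return 0;
    fd = open_journal_nofollow(real, geteuid());
    ok = (fd >= 0);
    if (fd >= 0) close(fd);
    fd = open_journal_nofollow(lnk, geteuid());
    ok = ok && (fd < 0);
    if (fd >= 0) close(fd);
    unlink(lnk); unlink(real); rmdir(dir);
    return ok;
}
int main(void) { return journal_open_selfcheck() ? 0 : 1; }
```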