[exim-dev] [Bug 2276] Exim triggers DAC_OVERRIDE when runnin…

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2276] Exim triggers DAC_OVERRIDE when running on SELinux enabled system
https://bugs.exim.org/show_bug.cgi?id=2276

Phil Pennock <pdp@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |pdp@???


--- Comment #2 from Phil Pennock <pdp@???> ---
There are two distinct areas here: logs and spool.

Logs: wontfix; we write as root. If there's any kind of exploitability, that
should be filed as a bug.

Suggestion: set `LOG_MODE=0660` in Exim's `Local/Makefile` when building, and
use an ACL on the logs directory to automatically inherit group root
writability when creating files.

Spool files: I don't think Exim should be touching spool files while still
root. That should be happening as the Exim run-time user. I haven't looked at
the relevant code recently, but if there's home directory delivering as the
user in question, then perhaps that's the path leading to this happening, but
this is speculation.

Is there any way that we could get debug traces from Exim, showing what it was
trying to do when it got permission denied on the _spool_ files, please?

--
You are receiving this mail because:
You are on the CC list for the bug.
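
An added example, not part of the bug comment or of Exim: a Python check that reads `getfacl` output and reports whether a root process can write a log file through ordinary permission checks or only via `CAP_DAC_OVERRIDE`, showing why the create mode and the inherited ACL entry both matter. The `exim` owner and group, the sample ACL text and the function names are constructed for illustration.

```python
# Does a root process need CAP_DAC_OVERRIDE to write a file? Decided from
# `getfacl` text. Assumption: the process is user "root", only group "root".

def parse_getfacl(text):
    """Return (owner, owning_group, [(tag, qualifier, perms), ...])."""
    owner = group = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            # Drop a trailing "#effective:..." comment, then split the entry.
            tag, qualifier, perms = line.split("#")[0].strip().split(":")
            entries.append((tag, qualifier, perms))
    return owner, group, entries

def root_write_needs_dac_override(text, user="root", groups=("root",)):
    """Walk the POSIX ACL check order; True means plain DAC denies the write."""
    owner, owning_group, entries = parse_getfacl(text)
    # Without a mask entry nothing is filtered.
    mask = next((p for t, _, p in entries if t == "mask"), "rwx")
    def grants(perms, masked):
        return "w" in perms and (not masked or "w" in mask)
    if user == owner:  # owner entry is never masked
        return not grants(next(p for t, q, p in entries if t == "user" and not q), False)
    for t, q, p in entries:  # named user entry
        if t == "user" and q == user:
            return not grants(p, True)
    # Owning group and named groups: any matching entry may grant.
    matched = [p for t, q, p in entries if t == "group" and (q or owning_group) in groups]
    if matched:
        return not any(grants(p, True) for p in matched)
    return not grants(next(p for t, _, p in entries if t == "other"), False)

# Constructed getfacl output; the "exim" owner and group are assumptions.
HEADER = "# file: mainlog\n# owner: exim\n# group: exim\n"
# No ACL, file mode 0640: root only matches "other".
PLAIN = HEADER + "user::rw-\ngroup::r--\nother::---\n"
# Inherited group:root:rw-, but a 0640 create mode caps the mask at r--.
ACL_MODE_0640 = HEADER + ("user::rw-\ngroup::r--\ngroup:root:rw-\t#effective:r--\n"
                          "mask::r--\nother::---\n")
# Inherited group:root:rw- with a 0660 create mode: mask is rw-.
ACL_MODE_0660 = HEADER + "user::rw-\ngroup::r--\ngroup:root:rw-\nmask::rw-\nother::---\n"

if __name__ == "__main__":
    for name in ("PLAIN", "ACL_MODE_0640", "ACL_MODE_0660"):
        print(name, root_write_needs_dac_override(globals()[name]))
```

The middle case is the one to watch: the group bits of the file's create mode become the ACL mask, so an inherited `group:root:rw-` entry is reduced to read-only unless the create mode also carries group write.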