Re: [exim] Spurious permission denied error

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Evgeniy Berdnikov
日付:  
To: exim-users
題目: Re: [exim] Spurious permission denied error
On Tue, Apr 28, 2020 at 08:59:58AM +0100, Russell King via Exim-users wrote:
> On Tue, Apr 28, 2020 at 10:38:13AM +0300, Evgeniy Berdnikov via Exim-users wrote:
> > Write a wrapper over /usr/sbin/sendmail which should start exim
> > as root and with additional debug flags.
>
> I don't think that will work based on my testing so far.
>
> If exim is started as root, then the problem goes away (which is not
> surprising because root can generally do anything, bypassing file
> permissions.)


Root obeys file permissions, but generally it have more permissions
than ordinary user.

> That is the exact problem getting debug in this situation: you need
> exim to be invoked as the user concerned to then drop privileges
> back to an unprivileged user to then trigger the permission denied
> error. However, you can't enable debug.


Take one minute to think. User runs MTA as "/usr/sbin/sendmail -oi -t",
passing argv[0..2] = ["/usr/sbin/sendmail", "-oi", "-t"]. You have to
replace argv with ["-d+all", "-oi", "-t"] and run exim binary from other
location, where it may stay with setuid bit. No magic here, no need for
special priveleges, it can be done with 2 lines shell script:

#!/bin/sh
exec /usr/sbin/exim -d+all "$@"

This script does not ever need to be setuid.
--
Eugene Berdnikov