Author: Andreas Metzler Date: To: exim-users Subject: [exim] [taint] $local_part in require files
Hello,
4.94rc0 spect.txt has the following in the section about require_files:
--------
During delivery, the stat() function is run as root, but there is a
facility for some checking of the accessibility of a file by another
user. This is not a proper permissions check, but just a "rough" check
that operates as follows:
If an item in a require_files list does not contain any forward slash
characters, it is taken to be the user (and optional group, separated by
a comma) to be checked for subsequent files in the list. If no group is
specified but the user is specified symbolically, the gid associated
with the uid is used. For example: