Re: default MTA for sarge

To: debian-devel@lists.debian.org
Subject: Re: default MTA for sarge
From: Marc Haber <mh+debian-devel@zugschlus.de>
Date: Thu, 17 Jul 2003 08:49:59 +0200
Message-id: <[🔎] E19d2aX-0001Gd-Hb@torres.ka0.zugschlus.de>
In-reply-to: <[🔎] 20030716124426.GB2803@wonderland.linux.it>
References: <[🔎] 20030713083151.GA12971@dragon.kitenet.net> <[🔎] 20030714064911.GA20753@taz.net.au> <[🔎] 1058207147.32166.15.camel@rock.grep.be> <[🔎] 20030714230129.GA7728@taz.net.au> <[🔎] 20030715002434.GE17851@hoiho.nz.lemon-computing.com> <[🔎] 20030715141259.GM7728@taz.net.au> <[🔎] 20030715152202.GP16880@morgul.net> <[🔎] 20030716093955.GB808@wonderland.linux.it> <[🔎] 1058357245.3397.5.camel@localhost> <[🔎] 20030716124426.GB2803@wonderland.linux.it>

On Wed, 16 Jul 2003 14:44:26 +0200, Marco d'Itri <md@Linux.IT> wrote:
>Then it does not "drops root privilages and runs as uid mail", it only
>temporarily switches UID (and like it can switch back so could an
>exploit).

IIRC exim re-execs itself to regain root privileges. The child treats
all data coming in from the parent as untrusted and proceeds to drop
its root privileges at the earliest possibility.

Greetings
Marc

-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber          |   " Questions are the         | Mailadresse im Header
Karlsruhe, Germany  |     Beginning of Wisdom "     | Fon: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29

Reply to:

References:
- default MTA for sarge
  - From: Joey Hess <joeyh@debian.org>
- Re: default MTA for sarge
  - From: Craig Sanders <cas@taz.net.au>
- Re: default MTA for sarge
  - From: Wouter Verhelst <wouter@grep.be>
- Re: default MTA for sarge
  - From: Craig Sanders <cas@taz.net.au>
- Re: default MTA for sarge
  - From: Nick Phillips <nwp@nz.lemon-computing.com>
- Re: default MTA for sarge
  - From: Craig Sanders <cas@taz.net.au>
- Re: default MTA for sarge
  - From: "Noah L. Meyerhans" <noahm@debian.org>
- Re: default MTA for sarge
  - From: Marco d'Itri <md@Linux.IT>
- Re: default MTA for sarge
  - From: Wouter Verhelst <wouter@grep.be>
- Re: default MTA for sarge
  - From: Marco d'Itri <md@Linux.IT>

Prev by Date: An RC Bug with patch P (Re: RC Bugs with patches (A-F))
Next by Date: Re: Bug#201023: dosemu: purging doesmu wipes out all user data under /var/lib/dosemu)
Previous by thread: Re: default MTA for sarge
Next by thread: Re: default MTA for sarge
Index(es):
- Date
- Thread