On Jul 16, Wouter Verhelst <wouter@grep.be> wrote: >> >Exim *does not run as root*. OK? It starts as root to bind to port 25. >> >Period. It then drops root privilages and runs as uid mail. Deliveries >> >are not done as root, but as mail. >> Do you mean that home directories, .forward files and so on must be >> world readable? This sucks... >No, those are all done using the appropriate UID. Remote deliveries and >deliveries to /var/mail are done using UID mail, though. Then it does not "drops root privilages and runs as uid mail", it only temporarily switches UID (and like it can switch back so could an exploit). -- ciao, | Marco | [848 lad.znYuTRDr2]
Attachment:
pgp0poKMEVG0p.pgp
Description: PGP signature