https://bugs.exim.org/show_bug.cgi?id=1811
--- Comment #8 from Heiko Schlittermann <[email protected]> --- (In reply to Phil Pennock from comment #7) > I strongly suspect: lots of configured integrations which do things like > talk to RDBMSystems or LDAP using credentials from files only accessible to > root (and not accessible to the runtime user used for delivery, where more > compromises happen). > > Not good. But probably shouldn't be done as the regular runtime user > either, and would break many configurations too. > > Perhaps something worth making an Exim 5.00 jump for, as breaking backwards > compat? Could clean out various other deprecated options at that time too. We have already deliver_drop_privilege, it does the Routing (and -bt) as the Exim user. (54.3. Running Exim without privilege) Writing this, I have the feeling, that my original issue is almost pointless, as Exim already has what I was missing and that -bt/-bv do a good job in simulating the real routing/delivery process. Maybe it should be pointed out, that we have verification vs routing/delivery and hence there are some traps. I'm not sure how deliver_drop_privilege interacts with reading an 0600 .forward file. And I can imagine for some further version (5) we make deliver_drop_privilege defaulting to true. -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
