(Apologies for cc'ing you directly; my previous attempt to reply to
exim-dev either failed or is awaiting moderation, and I don't have
access to the bug system.)
On Sun, 3 Apr 2016, [email protected] wrote:
https://bugs.exim.org/show_bug.cgi?id=1811
--- Comment #7 from Phil Pennock <[email protected]> ---
I strongly suspect: lots of configured integrations which do things like talk
to RDBMSystems or LDAP using credentials from files only accessible to root
(and not accessible to the runtime user used for delivery, where more
compromises happen).
The userforward router in the default sample config uses root
access to read the user's .forward file.
Maybe it could be changed to run as the user ...
Not good. But probably shouldn't be done as the regular runtime user either,
and would break many configurations too.
Perhaps something worth making an Exim 5.00 jump for, as breaking backwards
compat? Could clean out various other deprecated options at that time too.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev
## Exim details at http://www.exim.org/ ##