On 14/09/16 19:42, Phil Pennock wrote: > On 2016-09-11 at 22:41 +0100, Jeremy Harris wrote: >> There's a minor complication in that the -J file is opened in two >> places (as it happens, in a single routine: deliver_messsage()). > > Why is the journal ever being opened as root, instead of as the Exim > run-time user? That seems like a flaw, and a root-cause to be > addressed.
I don't know - but it is described in docs: (ch.55) ======== A delivery process retains root privilege throughout most of its execution [... except for transport subprocesses ] Once all the delivery subprocesses have been run, a delivery process changes to the Exim uid and gid while doing post-delivery tidying up such as updating the retry database and generating bounce and warning messages. While the recipient addresses in a message are being routed, the delivery process runs as root. However, if a user’s filter file has to be processed, this is done in a [less-priv] subprocess ======== It doesn't give a rationale. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
