On 14/09/16 19:42, Phil Pennock wrote:
> On 2016-09-11 at 22:41 +0100, Jeremy Harris wrote:
>> There's a minor complication in that the -J file is opened in two
>> places (as it happens, in a single routine: deliver_messsage()).
> 
> Why is the journal ever being opened as root, instead of as the Exim
> run-time user?  That seems like a flaw, and a root-cause to be
> addressed.

The journal is opened, and plundered for already-delivered addresses,
before the system filter is run.  And we have options for setting
uid & gid for the running of a system filter; since we don't use
seteuid() we cannot regain root in order to set the desired uid.
So we have to be root... unless we rejig things greatly.
-- 
Cheers,
  Jeremy


-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##

Reply via email to