On Sun, Dec 21, 2014 at 08:52:10PM +0100, Christian Franke wrote:

> The environment variable is only used for a special case: If local delivery
> is not needed, Cygwin postfix could be run solely under an unprivileged
> user. This works because Windows does not restrict IP ports below 1024 to
> privileged processes. The cygwin_* functions then fake the 0 <>
> var_owner_uid switch. The current emulation state is passed via an
> environment from master to daemons. I agree that this is a hack, but it
> increases security for this use case because even the postfix master runs as
> $mail_owner.
Dropping privs after pre-jail initialization is still needed even without local delivery. Otherwise, SSL private keys, database login passwords, and SASL passwords are accessible to processes that should not have such access. Some configuration files in Postfix are not world-readable, and are readable only by "root".

-- 
Viktor.
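The pattern Viktor describes (read root-only secrets first, then drop privileges for good so the daemon can no longer reach them) is shown below as an added illustration. This is not Postfix's own code: it is a small stand-alone program that creates a constructed 0600 placeholder file in place of a real key, reads it while still root, forks a child that drops to an unprivileged account, and checks that the child can neither reopen the file nor regain root. The account name "nobody", the /tmp path and the helper names are assumptions made for the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 if the mode grants nothing to group or other, i.e. owner-only (0600/0400). */
int mode_is_private(mode_t mode) {
    return (mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* Same check on an open descriptor; -1 if fstat() fails. */
int fd_is_private(int fd) {
    struct stat st;
    if (fstat(fd, &st) != 0) return -1;
    return mode_is_private(st.st_mode);
}

/* Read a secret (key file, password table) into memory while still privileged.
 * Refuses files readable by group/other: those leak to every local user anyway.
 * Returns bytes read, or -1 with errno set. */
ssize_t read_secret(const char *path, char *buf, size_t buflen) {
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    if (fd_is_private(fd) != 1) { close(fd); errno = EACCES; return -1; }
    ssize_t n = read(fd, buf, buflen);
    int saved = errno;
    close(fd);
    errno = saved;
    return n;
}

/* Irrevocable drop: supplementary groups first (needs root), then gid, then uid.
 * setuid()/setgid() rather than seteuid() makes the switch permanent; the
 * setuid(0) probe catches a drop that could be undone. Returns 0 or -1. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) { errno = EPERM; return -1; }
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void) {
    /* Constructed stand-in for a root-only key file (mkstemp creates it mode 0600). */
    char path[] = "/tmp/demo-key-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) { perror("mkstemp"); return 1; }
    const char *fake_key = "-----BEGIN PRIVATE KEY-----\n(constructed placeholder, not a real key)\n";
    if (write(fd, fake_key, strlen(fake_key)) < 0) { perror("write"); unlink(path); return 1; }
    close(fd);

    if (geteuid() != 0) {
        printf("not root: run as root to see the drop itself; read_secret() still enforces 0600\n");
        unlink(path);
        return 0;
    }

    /* Like a Postfix daemon: the parent stays root (the master), the child reads
     * the secret pre-jail and then drops. "nobody" is an assumed account name. */
    struct passwd *pw = getpwnam("nobody");
    if (!pw) { fprintf(stderr, "no 'nobody' account\n"); unlink(path); return 1; }

    pid_t pid = fork();
    if (pid < 0) { perror("fork"); unlink(path); return 1; }
    if (pid == 0) {
        char key[256];
        ssize_t n = read_secret(path, key, sizeof key - 1);
        if (n < 0) { perror("read_secret (pre-jail)"); _exit(1); }
        printf("child: read %zd bytes of key material as root\n", n);
        if (drop_privileges(pw->pw_uid, pw->pw_gid) != 0) { perror("drop_privileges"); _exit(1); }
        /* The bytes already in memory stay usable; the file itself is now out of reach. */
        int again = open(path, O_RDONLY);
        printf("child: now uid %u, reopening key file %s\n", (unsigned)getuid(),
               again < 0 ? "fails (EACCES) as intended" : "SUCCEEDS: secrets exposed");
        fflush(stdout);
        _exit(again < 0 ? 0 : 2);
    }
    int status = 0;
    waitpid(pid, &status, 0);
    unlink(path);  /* the parent is still root, so cleanup succeeds */
    return WIFEXITED(status) ? WEXITSTATUS(status) : 1;
}
```

The order inside drop_privileges() matters: setgroups() must come before setgid()/setuid() because it needs root, and the final checks exist because a daemon that only changed its effective uid could silently switch back. If the file were group- or world-readable the drop would buy nothing, which is why read_secret() refuses such files outright rather than relying on the drop alone.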