http://bugzilla.spamassassin.org/show_bug.cgi?id=3097
------- Additional Comments From [EMAIL PROTECTED] 2004-04-14 11:54 ------- >Yes. All of the children are running with the same RUID. However, when While I'm personally not that bothered by this much, maintaining a real UID of root through a child process isn't something to do lightly. If there is ever an exploit found in a child and the RUID is root, the box is 0wn3d. If the RUID=EUID and EUID!=0 than the attacker has user level access to the server which may lead to other problems if the box is locally exploitable. I'd assumed that the project would want to maintain this level of paranoia which is why I said that some features (like setuid) would have to be pulled to do a preforker/reuse server (securely.) I don't want to rock the boat or get presumptuous on how big my tiny role with the project is but I'd personally like to see a concensus from the cabal at least that this is the way to go. ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
