diff options
author | Phil Pennock <pdp@exim.org> | 2010-06-06 02:46:13 +0000 |
---|---|---|
committer | Phil Pennock <pdp@exim.org> | 2010-06-06 02:46:13 +0000 |
commit | 10385c155b0e1266c02535b76ab73b32fa83d73f (patch) | |
tree | fab6bd2a0597a506c61b6ae6159488ce043592ff /doc | |
parent | 4b2241d2228351057f63f954de46b0449288e3ba (diff) |
No longer permit the exim user to be root. Fixes: #752
Diffstat (limited to 'doc')
-rw-r--r-- | doc/doc-txt/ChangeLog | 4 | ||||
-rw-r--r-- | doc/doc-txt/NewStuff | 14 |
2 files changed, 16 insertions, 2 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 85edf47d1..8c88085f8 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.625 2010/06/06 02:08:50 pdp Exp $ +$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.626 2010/06/06 02:46:13 pdp Exp $ Change log file for Exim from version 4.21 ------------------------------------------- @@ -40,6 +40,8 @@ PP/11 Bugzilla 922: Documentation dusting, patch provided by John Horne. PP/12 Bugzilla 973: Implement --version. +PP/13 Bugzilla 752: Refuse to build/run if Exim user is root/0. + Exim version 4.72 ----------------- diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index fb7e9528c..03c0d4833 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/NewStuff,v 1.171 2010/06/06 01:35:41 pdp Exp $ +$Cambridge: exim/doc/doc-txt/NewStuff,v 1.172 2010/06/06 02:46:13 pdp Exp $ New Features in Exim -------------------- @@ -63,6 +63,18 @@ Version 4.73 control = debug/opts=+expand+acl control = debug/tag=.$message_exim_id/opts=+expand + 7. It has always been implicit in the design and the documentation that + "the Exim user" is not root. src/EDITME said that using root was + "very strongly discouraged". This is not enough to keep people from + shooting themselves in the foot in days when many don't configure Exim + themselves but via package build managers. The security consequences of + running various bits of network code are severe if there should be bugs in + them. As such, the Exim user may no longer be root. If configured + statically, Exim will refuse to build. If configured as ref:user then Exim + will exit shortly after start-up. If you must shoot yourself in the foot, + then henceforth you will have to maintain your own local patches to strip + the safeties off. + Version 4.72 ------------ |