From 10385c155b0e1266c02535b76ab73b32fa83d73f Mon Sep 17 00:00:00 2001
From: Phil Pennock <pdp@exim.org>
Date: Sun, 6 Jun 2010 02:46:13 +0000
Subject: No longer permit the exim user to be root.  Fixes: #752

---
 doc/doc-txt/NewStuff | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'doc/doc-txt/NewStuff')

diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index fb7e9528c..03c0d4833 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/NewStuff,v 1.171 2010/06/06 01:35:41 pdp Exp $
+$Cambridge: exim/doc/doc-txt/NewStuff,v 1.172 2010/06/06 02:46:13 pdp Exp $
 
 New Features in Exim
 --------------------
@@ -63,6 +63,18 @@ Version 4.73
       control = debug/opts=+expand+acl
       control = debug/tag=.$message_exim_id/opts=+expand
 
+ 7. It has always been implicit in the design and the documentation that
+    "the Exim user" is not root.  src/EDITME said that using root was
+    "very strongly discouraged".  This is not enough to keep people from
+    shooting themselves in the foot in days when many don't configure Exim
+    themselves but via package build managers.  The security consequences of
+    running various bits of network code are severe if there should be bugs in
+    them.  As such, the Exim user may no longer be root.  If configured
+    statically, Exim will refuse to build.  If configured as ref:user then Exim
+    will exit shortly after start-up.  If you must shoot yourself in the foot,
+    then henceforth you will have to maintain your own local patches to strip
+    the safeties off.
+
 
 Version 4.72
 ------------
-- 
cgit v1.2.3