Following on from the messages on this issue #300 , it got me thinking about vexim and security overall. Have we considered further hardening the default exim install. Is there a reason why deliver_drop_privilege hasn't been implemented?
By default, Exim runs many operations with root privileges to fully control the mail queue and deliver messages to local mailboxes. Enabling deliver_drop_privilege changes this behavior:
With deliver_drop_privilege set:
- Exim changes its user ID and group ID to the vexim user and group at the start of delivery processes
- It runs most operations, including address routing, in an unprivileged state
- It does however stop exim from switching to other users (like individual local recipients) during delivery
Without deliver_drop_privilege (default):
- Exim retains root privileges throughout delivery operations
- It can change UIDs to match individual recipients when delivering to local mailboxes
exim_user = vexim
exim_group = vexim
deliver_drop_privilege = true
never_users = root
trusted_users = vexim
Is an example of how it could be done?
Following on from the messages on this issue #300 , it got me thinking about vexim and security overall. Have we considered further hardening the default exim install. Is there a reason why deliver_drop_privilege hasn't been implemented?
By default, Exim runs many operations with root privileges to fully control the mail queue and deliver messages to local mailboxes. Enabling deliver_drop_privilege changes this behavior:
With deliver_drop_privilege set:
Without deliver_drop_privilege (default):
Is an example of how it could be done?