only drop privs for TLS if still root
authorPhil Pennock <pdp@exim.org>
Mon, 21 May 2012 02:58:18 +0000 (22:58 -0400)
committerPhil Pennock <pdp@exim.org>
Mon, 21 May 2012 02:58:18 +0000 (22:58 -0400)
src/src/readconf.c

index bddb74c0a370cfe3c1ab5a55f56c2b48bd25cf3c..3235d4556a4ceaf941d2cb0095cb6728c0459a2b 100644 (file)
@@ -2805,8 +2805,10 @@ if ((pid = fork()) < 0)
 
 if (pid == 0)
   {
-  exim_setugid(exim_uid, exim_gid, FALSE,
-      US"calling tls_validate_require_cipher");
+  /* in some modes, will have dropped privilege already */
+  if (!geteuid())
+    exim_setugid(exim_uid, exim_gid, FALSE,
+        US"calling tls_validate_require_cipher");
 
   errmsg = tls_validate_require_cipher();
   if (errmsg)