berg...@panix.com:
> => Postfix does nothing to prevent a child process from making a system
> => call.  For blocked calls, you may find more useful info in SeLinux
> => or AppArmor event logs.
> 
> SELinux is disabled and AppArmor is not installed on this system.
> 
> There's no problem running gmi directly from the shell, as an unprivileged 
> user or as root.
> 
> Any other thoughts, perhaps to do with postfix dropping privileges
> from root=>user when the gmi command is run as a pipe service?

Postfix relies on POSIX calls to impersonate an unprivileged user
(by manipulating the real/effective/saved UID and GID, and secondary
groups).

It is possible that your OS also manipulates other rights (capabilities,
other resource controls) that Postfix is not aware of.

Keep in mind that Postfix is a cross-platform applcation, and that
not all the world is Linux.

        Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

Reply via email to