only drop privs for TLS if still root

diff --git a/src/src/readconf.c b/src/src/readconf.c
index bddb74c0a370cfe3c1ab5a55f56c2b48bd25cf3c..3235d4556a4ceaf941d2cb0095cb6728c0459a2b 100644 (file)
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
@@ -2805,8 +2805,10 @@ if ((pid = fork()) < 0)
 
 if (pid == 0)
   {
-  exim_setugid(exim_uid, exim_gid, FALSE,
-      US"calling tls_validate_require_cipher");
+  /* in some modes, will have dropped privilege already */
+  if (!geteuid())
+    exim_setugid(exim_uid, exim_gid, FALSE,
+        US"calling tls_validate_require_cipher");
 
   errmsg = tls_validate_require_cipher();
   if (errmsg)