--- /dev/null
+Preamble
+========
+
+Normally The Exim Maintainers ensure that a configuration which works
+with version N will work with version N+1, within a major version number
+(eg, 4).
+
+Occasionally this will not be the case; usually, those changes will be
+at the end of a long notice period where admins have been encouraged to
+move away and even then, we are hesitant to fully break things without
+strong cause to move away.
+
+This does not apply to "experimental" features, which can be withdrawn
+or changed with little notice, although we still endeavour to limit
+that. We may choose to note those changes here too.
+
+The most likely cause of a backwards-incompatible change is a security
+improvement, where the benefits for everyone strongly outweigh the needs
+of the few.
+
+
+Changes
+=======
+
+Exim version 4.73
+-----------------
+
+ * The Exim run-time user can no longer be root; this was always
+ strongly discouraged, but is now prohibited both at build and
+ run-time. If you need Exim to run routinely as root, you'll need to
+ patch the source and accept the risk. Here be dragons.
+
+ * Exim will no longer accept a configuration file owned by the Exim
+ run-time user, unless that account is explicitly the value in
+ CONFIGURE_OWNER, which we discourage. Exim now checks to ensure that
+ files are not writable by other accounts.
+
+ * ALT_CONFIG_ROOT_ONLY is no longer optional and is forced on; the Exim
+ user can no longer use -C/-D and retain privilege.
+
+ * The system_filter_user option now defaults to the Exim run-time user,
+ rather than root. You can still set it explicitly to root and this
+ can be done with prior versions too, letting you roll versions
+ without needing to change this configuration option.
+
gid_t system_filter_gid = 0;
BOOL system_filter_gid_set = FALSE;
-uid_t system_filter_uid = 0;
+uid_t system_filter_uid = (uid_t)-1;
BOOL system_filter_uid_set = FALSE;
BOOL system_filtering = FALSE;
projects / exim.git / commitdiff