From: Phil Pennock <pdp@exim.org>
Date: Mon, 21 May 2012 02:58:18 +0000 (-0400)
Subject: only drop privs for TLS if still root
X-Git-Tag: exim-4_80_RC3~1
X-Git-Url: https://vcs.fsf.org/?p=exim.git;a=commitdiff_plain;h=1d7a353eb367991d8de63c32efa64f8224f3089f

only drop privs for TLS if still root
---

diff --git a/src/src/readconf.c b/src/src/readconf.c
index bddb74c0a..3235d4556 100644
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
@@ -2805,8 +2805,10 @@ if ((pid = fork()) < 0)
 
 if (pid == 0)
   {
-  exim_setugid(exim_uid, exim_gid, FALSE,
-      US"calling tls_validate_require_cipher");
+  /* in some modes, will have dropped privilege already */
+  if (!geteuid())
+    exim_setugid(exim_uid, exim_gid, FALSE,
+        US"calling tls_validate_require_cipher");
 
   errmsg = tls_validate_require_cipher();
   if (errmsg)