On Tue, Mar 18, 2008 at 09:50:09AM -0700, Russ Allbery wrote:
> Josip Rodin <[EMAIL PROTECTED]> writes:
> > On Mon, Mar 17, 2008 at 09:56:52PM -0700, Russ Allbery wrote:
>
> >> I don't know what the original Debian rationale was, but the
> >> traditional UNIX rationale for group-writable user mail spools is so
> >> that you don't have to run your mail system as root and can instead run
> >> it as some other user in group mail.
>
> >> However, everyone seems to have given up on that or at least uses a
> >> setuid-root MDA, so I'm not sure it's serving any real purpose at this
> >> point.
>
> > Or they don't use root at all for the MDA, instead setuid'ing to the
> > user itself. See also #405584.
>
> In order to deliver mail as the user, *something* has to be either running
> as root or setuid. That's basically my point.

That's why I said no root for MDA - it's there for the MTA :)

> Group-writable mail spools allow the entire mail delivery chain to never
> run as root (with the possible exception of binding to port 25 if you want
> to accept incoming SMTP traffic), as long as you don't care about
> forwarding to programs.
>
> I don't know if we care about supporting this, though.

Right. I don't think I've ever actually seen such an implementation.
So it doesn't seem to make sense to enforce this by way of a "must"
directive in the policy manual, and at the expense of user privacy in
case of security problems.

-- 
     2. That which causes joy or happiness.