I recently converted my home e-mail box to Gentoo (after having loved using it on my desktop box). I run an SMTP and IMAP server on it and use fetchmail to pull my e-mail locally and deliver it to SMTP. On my old Linux box, I had fetchmail run as an unprivileged user since (AFAIK) the only resource it needs is to be able to read the fetchmailrc file.

Given fetchmail's security history, I was a little surprised when I discovered that Gentoo appears to let fetchmail run (by default) as root. I don't think this needs to be. I'd like to suggest that this default be changed so that a compromised fetchmail will do less damage (and I can probably update the /etc/init.d/fetchmail file and post a patch).

However, I don't know what the best way to run it is. Would it be better to run fetchmail in some kind of chroot jail? If so, how would you set it up? (I'm not too familiar with making applications run in a chroot jail). If just running as a user is sufficient, what user? Should there be a dedicated fetchmail user?

Ryan
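As an added example that is not part of the original post or of Gentoo's init script: a pre-start check an init script could run before launching fetchmail under a dedicated account. The function names and the idea of a dedicated account name are assumptions, and the script assumes GNU `stat`.

```shell
#!/bin/sh
# Added example: pre-start checks for running fetchmail unprivileged.
# All function names are hypothetical; requires GNU stat (-c).

# rc_mode_ok FILE
# Succeeds only if FILE is a regular file (not a symlink) with no group or
# other permission bits. The rc file typically stores mail account passwords.
rc_mode_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1
    # Pad to at least three octal digits, then require the group and
    # other digits to be zero (e.g. 600, 400, 700).
    case "$(printf '%03d' "$mode")" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# rc_owned_by FILE USER
# Succeeds only if FILE is owned by USER.
rc_owned_by() {
    [ "$(stat -c '%U' "$1" 2>/dev/null)" = "$2" ]
}

# preflight FILE USER
# Return codes: 0 ok, 2 unknown user, 3 user is uid 0,
#               4 wrong owner, 5 unsafe mode or not a regular file.
preflight() {
    pf_rc=$1
    pf_user=$2
    pf_uid=$(id -u "$pf_user" 2>/dev/null) || {
        echo "no such user: $pf_user" >&2; return 2; }
    [ "$pf_uid" -ne 0 ] || {
        echo "refusing to run fetchmail as uid 0 ($pf_user)" >&2; return 3; }
    rc_owned_by "$pf_rc" "$pf_user" || {
        echo "$pf_rc is not owned by $pf_user" >&2; return 4; }
    rc_mode_ok "$pf_rc" || {
        echo "$pf_rc must be a regular file without group/other access" >&2
        return 5; }
    return 0
}
```

A caller would run `preflight` with the rc file path and the account name and abort the start on any non-zero return.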