Michael Olson wrote:
> This I'm not very happy about. Is there some way for the server to
> call procmail with some "subset" of the user's token and the mail
> delivery token, so that one user could not write to another user's
> mail directory?
>
> Though come to think of it, the same problem probably exists (if I
> understand it correctly) on normal procmail installations as well, so
> we wouldn't actually be taking a step backwards. Still, it's a
> concern.
>

Is it really true that our current Exim set-up (on fyodor) allows users to run programs with more privileges than they would normally be able to? If so, I wasn't aware of that at all, and it violates our basic policy about never letting a user run a program as any user but his own, through direct or indirect means.
_______________________________________________
HCoop-SysAdmin mailing list
[email protected]
http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
