On Tue, Jun 10, 2008 at 7:27 AM, Max Lindner <[EMAIL PROTECTED]> wrote: > Hi out there! > > Seems that the general tenor goes to a separate utility/helper > application with suid-bit set which takes over the steps where > root-access is compulsory. I will take a look at qmail which seems to > have a similar design (as I read in the other dma thread which came up > last week).
The only qmail program that runs setuid is qmail-queue. All critical programs run under separate user/group ids. qmail-local - the program that delivers into a user's mailbox runs as root. In short qmail does as little as possible as root, all qmail programs do not trust each other. http://cr.yp.to/qmail/guarantee.html Here are the diagrams of how things work: http://www.axz.de/qmail/pix/index.html -- Dan
