Brad Shelton <[EMAIL PROTECTED]> writes:
| On Sun, Mar 14, 1999 at 04:59:24PM -0500, Scott Schwartz wrote:
| > Mate Wierdl <[EMAIL PROTECTED]> writes:
| > | What mean things can happen if a user pipes the message to a command?
| > | They can always do it using the shell anyways.  The shell started in
| > | .qmail is run by the user...
| > 
| > But it might be running on the mail server, where users cannot
| > normally log in, and where you only want to let them
| > run certain commands. 
| 
| So script the .qmail creation for each user to be locked down by root
| permissions.
| 
| What's the big deal?

That's a big complicated change.  In my environment, which I think is
typical, .qmail files are in home directories.  Even if you have a
separate mail partition, it's simplest and easiest to allow users to
create .qmail files using normal shell commands like vi.  The issue
isn't that we want to restrict .qmail files, but that we might want to
restrict the commands that are executed on a particular cpu on behalf
of them.  That correctly handles the problem in all cases, with no
ad-hoc restrictions on other kinds of delivery. Thus, the restricted
shell solution is the right one.
