Re: [exim4debian] Re: Debian-exim - blech!
On Mon, Sep 20, 2004 at 01:07:52PM +0200, Marc Haber wrote: >On Mon, Sep 20, 2004 at 09:48:43AM +0100, Oliver Elphick wrote: >> "mail" is and always has been a standard system account: > >"mail" is also the account that owns the mail spool, hence all MUAs >run sgid mail per policy. Running the MTA as mail as well would mean >that the MTA's queue would have to belong to mail as well, giving MUAs >read access to the MTA's queue, which is a significant security risk. > >This is the reason why we decided to run exim4 with a non-"mail" >account. > >> Of course your argument applies equally to "Debian-exim" - it might be >> assigned to a user; it's quite as likely as that "mail" might be so >> assigned. > >I beg to differ here. It is quite more unlikely to re-use an account >with a name _that_ ugly. > I don't think you make a valid case for the name change. It is an admittedly really ugly name, and it seems it was given such a name to force some kind of policy decision on a non-issue, which seems to me like extortion. This is what my system might look like if everyone followed your naming convention: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.0 1272 432 ?SSep13 0:26 init [2] root 2 0.0 0.0 00 ?SW Sep13 0:00 [keventd] root 3 0.0 0.0 00 ?SWN Sep13 0:07 [ksoftirqd_CPU0] root 4 0.0 0.0 00 ?SWN Sep13 0:05 [ksoftirqd_CPU1] root 5 0.0 0.0 00 ?SW Sep13 3:57 [kswapd] root 6 0.0 0.0 00 ?SW Sep13 0:00 [bdflush] root 7 0.0 0.0 00 ?SW Sep13 0:49 [kupdated] root 114 0.0 0.0 00 ?SW Sep13 1:43 [kjournald] root 115 0.0 0.0 00 ?SW Sep13 0:01 [kjournald] root 116 0.0 0.0 00 ?SW Sep13 1:46 [kjournald] root 117 0.0 0.0 00 ?SW Sep13 3:15 [kjournald] root 140 0.0 0.0 00 ?SW Sep13 0:00 [eth0] daemon 148 0.0 0.0 1384 296 ?SSep13 0:00 [portmap] root 462 0.0 0.0 2004 676 ?SSep13 0:00 /usr/sbin/inetd root 473 0.0 0.0 2184 864 ?SSep13 0:00 /bin/sh /usr/bin/mysqld_safe Debian-521 0.0 2.1 68520 19532 ? SSep13 0:01 [mysqld] Debian-531 0.0 2.1 68520 19532 ? SSep13 0:12 [mysqld] Debian-532 0.0 2.1 68520 19532 ? SSep13 0:08 [mysqld] Debian-535 0.0 2.1 68520 19532 ? SSep13 0:00 [mysqld] nobody 615 0.0 0.1 3656 1032 ?SSep13 0:02 [proftpd] Debian- 9949 0.0 0.1 12848 948 ?SSep18 0:15 /usr/lib/postgresql/bin/postmaster Debian- 9951 0.0 0.1 13840 1432 ?SSep18 0:03 postgres: stats buffer process Debian- 9952 0.0 0.1 13060 1496 ?SSep18 0:24 postgres: stats collector process Debian- 9870 0.0 0.3 13940 2892 ?SSep20 0:25 /usr/bin/perl /usr/lib/sympa/bin/sympa.pl -m Debian- 16447 0.0 0.1 6668 1776 ?SSep20 0:08 [exim4] Debian- 18144 0.0 0.2 13364 2548 ?SSep21 0:00 postgres: sympa sympa 127.0.0.1 idle Debian- 28902 0.0 0.6 76848 5912 ?S06:33 0:00 [apache] Debian- 28905 0.0 0.8 77100 7288 ?S06:33 0:03 [apache] Debian- 7716 0.0 0.7 76960 6760 ?S09:23 0:00 [apache] Debian- 7767 0.0 0.2 7020 2332 ?S09:24 0:00 [exim4] Debian- 7769 0.0 0.2 6824 2380 ?S09:24 0:00 [exim4] Not too pretty, and kind of useless! I agree with the OP. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [exim4debian] Re: Debian-exim - blech!
On Mon, 2004-09-20 at 19:47, Tim Kelley wrote: > > So we shouldn't purge the mail queue and hints database? Since policy > > requires a purged package to vanish without leaving any trace of its > > installation, that would be a policy violation. > > Huh? There is no such policy. The policy defines "purge" as "removing > everything in it's file list except conffiles", and since the > package's file list could not possibly contain files created post > installation, it cannot delete anything in the system mail directory. purge _does_ remove conffiles as well as the whole filelist. I think it should also remove files created by the package for its own use, but not anything else that might happen to be in the same directory, which Marc seems to think it should do. Of course, there are some packages which definitely should not remove all files that they create, not, at least, without asking; editors and databases, for example. -- Oliver Elphick [EMAIL PROTECTED] Isle of Wight http://www.lfix.co.uk/oliver GPG: 1024D/A54310EA 92C8 39E7 280E 3631 3F0E 1EC0 5664 7A2F A543 10EA "But my God shall supply all your need according to his riches in glory by Christ Jesus." Philippians 4:19 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [exim4debian] Re: Debian-exim - blech!
On Mon, Sep 20, 2004 at 01:07:52PM +0200, Marc Haber wrote: > On Mon, Sep 20, 2004 at 09:48:43AM +0100, Oliver Elphick wrote: > > "mail" is and always has been a standard system account: > > "mail" is also the account that owns the mail spool, hence all MUAs > run sgid mail per policy. Running the MTA as mail as well would mean > that the MTA's queue would have to belong to mail as well, giving MUAs > read access to the MTA's queue, which is a significant security risk. That's funny, none of the MUA's on my debian systems are sgid mail, nor is anything of the kind written in the debian policy that I can see. > > nor of files that exim4 did not install. > > So we shouldn't purge the mail queue and hints database? Since policy > requires a purged package to vanish without leaving any trace of its > installation, that would be a policy violation. Huh? There is no such policy. The policy defines "purge" as "removing everything in it's file list except conffiles", and since the package's file list could not possibly contain files created post installation, it cannot delete anything in the system mail directory. -- _ _ _ _ _ _ _ _ _ _ _ _ _ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ ( t | i | m | @ | i | t | . | k | p | t | . | c | c ) \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ GPG key fingerprint = 1DEE CD9B 4808 F608 FBBF DC21 2807 D7D3 09CA 85BF -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [exim4debian] Re: Debian-exim - blech!
On Mon, Sep 20, 2004 at 09:48:43AM +0100, Oliver Elphick wrote: > "mail" is and always has been a standard system account: "mail" is also the account that owns the mail spool, hence all MUAs run sgid mail per policy. Running the MTA as mail as well would mean that the MTA's queue would have to belong to mail as well, giving MUAs read access to the MTA's queue, which is a significant security risk. This is the reason why we decided to run exim4 with a non-"mail" account. > Of course your argument applies equally to "Debian-exim" - it might be > assigned to a user; it's quite as likely as that "mail" might be so > assigned. I beg to differ here. It is quite more unlikely to re-use an account with a name _that_ ugly. > > Second, purging exim4 in such a situation could lead to all files > > belonging to that user to be deleted. > > Purging exim4 should not cause the deletion of the username I beg to differ again. > nor of files that exim4 did not install. So we shouldn't purge the mail queue and hints database? Since policy requires a purged package to vanish without leaving any trace of its installation, that would be a policy violation. Anyway, I am sick of this discussion. You didn't bring a single new argument into it. Please try to establish policy about package user names, or take the issue to the tech ctte. Until then, Debian-exim is bound to stay. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Karlsruhe, Germany | lose things."Winona Ryder | Fon: *49 721 966 32 15 Nordisch by Nature | How to make an American Quilt | Fax: *49 721 966 31 29 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [exim4debian] Re: Debian-exim - blech!
On Fri, 2004-09-17 at 23:35, Marc Haber wrote: > > I never did understand: what was the problem with "mail"? > > First, installing exim4 would probably re-use the account "mail" which > might be assigned to a user. This might grant excessive rights to that > user (for example, access rights to the mail queue). "mail" is and always has been a standard system account: mail:x:8:8:mail:/var/mail:/bin/sh Note the uid of 8 in the system range. It would therefore be impossible to create a user account called "mail", because it already exists. If someone is stupid enough to take over the "mail" account as a private user account, they deserve anything they get. Debian maintainers are not supposed to pervert the system to cope with system administrators who are totally incompetent. Of course your argument applies equally to "Debian-exim" - it might be assigned to a user; it's quite as likely as that "mail" might be so assigned. > Second, purging exim4 in such a situation could lead to all files > belonging to that user to be deleted. Purging exim4 should not cause the deletion of the username nor of files that exim4 did not install. -- Oliver Elphick [EMAIL PROTECTED] Isle of Wight http://www.lfix.co.uk/oliver GPG: 1024D/A54310EA 92C8 39E7 280E 3631 3F0E 1EC0 5664 7A2F A543 10EA "But my God shall supply all your need according to his riches in glory by Christ Jesus." Philippians 4:19 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [exim4debian] Re: Debian-exim - blech!
Marc Haber writes: >On Fri, Sep 17, 2004 at 10:26:01PM +0100, Oliver Elphick wrote: >> >> I never did understand: what was the problem with "mail"? > >First, installing exim4 would probably re-use the account "mail" which >might be assigned to a user. This might grant excessive rights to that >user (for example, access rights to the mail queue). > >Second, purging exim4 in such a situation could lead to all files >belonging to that user to be deleted. Do you actually have any evidence that this has caused problems? Exim 3 in woody used the "mail" user just fine for most people... -- Steve McIntyre, Cambridge, UK.[EMAIL PROTECTED] "I suspect most samba developers are already technically insane... Of course, since many of them are Australians, you can't tell." -- Linus Torvalds -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [exim4debian] Re: Debian-exim - blech!
On Fri, Sep 17, 2004 at 10:26:01PM +0100, Oliver Elphick wrote: > On Fri, 2004-09-17 at 21:01, Marc Haber wrote: > > > I believe this was done because there is some Debian policy that a > > > weird user name must be created in this case. > > > > No, the weird account name was chosen in absense of a formal policy > > to minimize the chance of clashes with account names deliberately > > created by the local admin. > > I never did understand: what was the problem with "mail"? First, installing exim4 would probably re-use the account "mail" which might be assigned to a user. This might grant excessive rights to that user (for example, access rights to the mail queue). Second, purging exim4 in such a situation could lead to all files belonging to that user to be deleted. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Karlsruhe, Germany | lose things."Winona Ryder | Fon: *49 721 966 32 15 Nordisch by Nature | How to make an American Quilt | Fax: *49 721 966 31 29 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [exim4debian] Re: Debian-exim - blech!
On Fri, Sep 17, 2004 at 10:26:01PM +0100, Oliver Elphick wrote: >On Fri, 2004-09-17 at 21:01, Marc Haber wrote: >> > I believe this was done because there is some Debian policy that a >> > weird user name must be created in this case. >> >> No, the weird account name was chosen in absense of a formal policy >> to minimize the chance of clashes with account names deliberately >> created by the local admin. > >I never did understand: what was the problem with "mail"? exim4 seems like an obvious choice, too. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [exim4debian] Re: Debian-exim - blech!
On Fri, 2004-09-17 at 21:01, Marc Haber wrote: > > I believe this was done because there is some Debian policy that a > > weird user name must be created in this case. > > No, the weird account name was chosen in absense of a formal policy > to minimize the chance of clashes with account names deliberately > created by the local admin. I never did understand: what was the problem with "mail"? -- Oliver Elphick [EMAIL PROTECTED] Isle of Wight http://www.lfix.co.uk/oliver GPG: 1024D/A54310EA 92C8 39E7 280E 3631 3F0E 1EC0 5664 7A2F A543 10EA "Honour the LORD with thy substance, and with the firstfruits of all thine increase; So shall thy barns be filled with plenty, and thy presses shall burst out with new wine." Proverbs 3:9,10 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [exim4debian] Re: Debian-exim - blech!
On Fri, Sep 17, 2004 at 10:00:36AM -0700, Ross Boylan wrote: > On Tue, Sep 14, 2004 at 07:55:48PM -0700, [EMAIL PROTECTED] wrote: > > ok, I know this has been brought up on the list, but I just want to vent my > > frustration at this fine distribution picking such a horrible username for > > exim4! > > > > Sheesh! I mean, the maintainers do a fine job otherwise, but I can't believe > > that this package is going into sarge this way. Please see the README.Debian-exim file included with the package, or on http://q.bofh.de/~mh/stuff/README.Debian-accountname. > > blech... > > > I believe this was done because there is some Debian policy that a > weird user name must be created in this case. No, the weird account name was chosen in absense of a formal policy to minimize the chance of clashes with account names deliberately created by the local admin. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Karlsruhe, Germany | lose things."Winona Ryder | Fon: *49 721 966 32 15 Nordisch by Nature | How to make an American Quilt | Fax: *49 721 966 31 29 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Debian-exim - blech!
On Tue, Sep 14, 2004 at 07:55:48PM -0700, [EMAIL PROTECTED] wrote: > ok, I know this has been brought up on the list, but I just want to vent my > frustration at this fine distribution picking such a horrible username for > exim4! > > Sheesh! I mean, the maintainers do a fine job otherwise, but I can't believe > that this package is going into sarge this way. > > blech... > I believe this was done because there is some Debian policy that a weird user name must be created in this case. I'm not sure what the scope of the policy is (mail programs, daemons, all created accounts), and I can't find it in the policy manual. Maybe it's an upstream exim requirement/recommendation. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Debian-exim - blech!
ok, I know this has been brought up on the list, but I just want to vent my frustration at this fine distribution picking such a horrible username for exim4! Sheesh! I mean, the maintainers do a fine job otherwise, but I can't believe that this package is going into sarge this way. blech... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]