Re: [exim4debian] Re: Debian-exim - blech!

2004-09-23 Thread Peter Hicks
On Mon, Sep 20, 2004 at 01:07:52PM +0200, Marc Haber wrote:
>On Mon, Sep 20, 2004 at 09:48:43AM +0100, Oliver Elphick wrote:
>> "mail" is and always has been a standard system account:
>
>"mail" is also the account that owns the mail spool, hence all MUAs
>run sgid mail per policy. Running the MTA as mail as well would mean
>that the MTA's queue would have to belong to mail as well, giving MUAs
>read access to the MTA's queue, which is a significant security risk.
>
>This is the reason why we decided to run exim4 with a non-"mail"
>account.
>
>> Of course your argument applies equally to "Debian-exim" - it might be
>> assigned to a user; it's quite as likely as that "mail" might be so
>> assigned.
>
>I beg to differ here. It is quite more unlikely to re-use an account
>with a name _that_ ugly.
>

I don't think you make a valid case for the name change. It is an
admittedly really ugly name, and it seems it was given such a name to
force some kind of policy decision on a non-issue, which seems to me
like extortion.

This is what my system might look like if everyone followed your naming
convention:

USER       PID %CPU %MEM   VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0  1272   432 ?        S    Sep13   0:26 init [2]
root         2  0.0  0.0     0     0 ?        SW   Sep13   0:00 [keventd]
root         3  0.0  0.0     0     0 ?        SWN  Sep13   0:07 [ksoftirqd_CPU0]
root         4  0.0  0.0     0     0 ?        SWN  Sep13   0:05 [ksoftirqd_CPU1]
root         5  0.0  0.0     0     0 ?        SW   Sep13   3:57 [kswapd]
root         6  0.0  0.0     0     0 ?        SW   Sep13   0:00 [bdflush]
root         7  0.0  0.0     0     0 ?        SW   Sep13   0:49 [kupdated]
root       114  0.0  0.0     0     0 ?        SW   Sep13   1:43 [kjournald]
root       115  0.0  0.0     0     0 ?        SW   Sep13   0:01 [kjournald]
root       116  0.0  0.0     0     0 ?        SW   Sep13   1:46 [kjournald]
root       117  0.0  0.0     0     0 ?        SW   Sep13   3:15 [kjournald]
root       140  0.0  0.0     0     0 ?        SW   Sep13   0:00 [eth0]
daemon     148  0.0  0.0  1384   296 ?        S    Sep13   0:00 [portmap]
root       462  0.0  0.0  2004   676 ?        S    Sep13   0:00 /usr/sbin/inetd
root       473  0.0  0.0  2184   864 ?        S    Sep13   0:00 /bin/sh /usr/bin/mysqld_safe
Debian-    521  0.0  2.1 68520 19532 ?        S    Sep13   0:01 [mysqld]
Debian-    531  0.0  2.1 68520 19532 ?        S    Sep13   0:12 [mysqld]
Debian-    532  0.0  2.1 68520 19532 ?        S    Sep13   0:08 [mysqld]
Debian-    535  0.0  2.1 68520 19532 ?        S    Sep13   0:00 [mysqld]
nobody     615  0.0  0.1  3656  1032 ?        S    Sep13   0:02 [proftpd]
Debian-   9949  0.0  0.1 12848   948 ?        S    Sep18   0:15 /usr/lib/postgresql/bin/postmaster
Debian-   9951  0.0  0.1 13840  1432 ?        S    Sep18   0:03 postgres: stats buffer process
Debian-   9952  0.0  0.1 13060  1496 ?        S    Sep18   0:24 postgres: stats collector process
Debian-   9870  0.0  0.3 13940  2892 ?        S    Sep20   0:25 /usr/bin/perl /usr/lib/sympa/bin/sympa.pl -m
Debian-  16447  0.0  0.1  6668  1776 ?        S    Sep20   0:08 [exim4]
Debian-  18144  0.0  0.2 13364  2548 ?        S    Sep21   0:00 postgres: sympa sympa 127.0.0.1 idle
Debian-  28902  0.0  0.6 76848  5912 ?        S    06:33   0:00 [apache]
Debian-  28905  0.0  0.8 77100  7288 ?        S    06:33   0:03 [apache]
Debian-   7716  0.0  0.7 76960  6760 ?        S    09:23   0:00 [apache]
Debian-   7767  0.0  0.2  7020  2332 ?        S    09:24   0:00 [exim4]
Debian-   7769  0.0  0.2  6824  2380 ?        S    09:24   0:00 [exim4]


Not too pretty, and kind of useless!


I agree with the OP.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: [exim4debian] Re: Debian-exim - blech!

2004-09-20 Thread Oliver Elphick
On Mon, 2004-09-20 at 19:47, Tim Kelley wrote:
> > So we shouldn't purge the mail queue and hints database? Since policy
> > requires a purged package to vanish without leaving any trace of its
> > installation, that would be a policy violation.
> 
> Huh? There is no such policy. The policy defines "purge" as "removing
> everything in its file list except conffiles", and since the
> package's file list could not possibly contain files created post
> installation, it cannot delete anything in the system mail directory.

purge _does_ remove conffiles as well as the whole filelist.  I think it
should also remove files created by the package for its own use, but not
anything else that might happen to be in the same directory, which Marc
seems to think it should do.

Of course, there are some packages which definitely should not remove
all files that they create, not, at least, without asking; editors and
databases, for example.
-- 
Oliver Elphick  [EMAIL PROTECTED]
Isle of Wight  http://www.lfix.co.uk/oliver
GPG: 1024D/A54310EA  92C8 39E7 280E 3631 3F0E  1EC0 5664 7A2F A543 10EA
 
 "But my God shall supply all your need according to his
  riches in glory by Christ Jesus." Philippians 4:19





Re: [exim4debian] Re: Debian-exim - blech!

2004-09-20 Thread Tim Kelley
On Mon, Sep 20, 2004 at 01:07:52PM +0200, Marc Haber wrote:
> On Mon, Sep 20, 2004 at 09:48:43AM +0100, Oliver Elphick wrote:
> > "mail" is and always has been a standard system account:
> 
> "mail" is also the account that owns the mail spool, hence all MUAs
> run sgid mail per policy. Running the MTA as mail as well would mean
> that the MTA's queue would have to belong to mail as well, giving MUAs
> read access to the MTA's queue, which is a significant security risk.

That's funny, none of the MUAs on my Debian systems are sgid mail, nor is
anything of the kind written in the Debian policy that I can see.

> > nor of files that exim4 did not install.
> 
> So we shouldn't purge the mail queue and hints database? Since policy
> requires a purged package to vanish without leaving any trace of its
> installation, that would be a policy violation.

Huh? There is no such policy. The policy defines "purge" as "removing
everything in its file list except conffiles", and since the
package's file list could not possibly contain files created post
installation, it cannot delete anything in the system mail directory.

-- 
  _   _   _   _   _   _   _   _   _   _   _   _   _  
 / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ 
( t | i | m | @ | i | t | . | k | p | t | . | c | c )
 \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ 
GPG key fingerprint = 1DEE CD9B 4808 F608 FBBF  DC21 2807 D7D3 09CA 85BF





Re: [exim4debian] Re: Debian-exim - blech!

2004-09-20 Thread Marc Haber
On Mon, Sep 20, 2004 at 09:48:43AM +0100, Oliver Elphick wrote:
> "mail" is and always has been a standard system account:

"mail" is also the account that owns the mail spool, hence all MUAs
run sgid mail per policy. Running the MTA as mail as well would mean
that the MTA's queue would have to belong to mail as well, giving MUAs
read access to the MTA's queue, which is a significant security risk.

This is the reason why we decided to run exim4 with a non-"mail"
account.

> Of course your argument applies equally to "Debian-exim" - it might be
> assigned to a user; it's quite as likely as that "mail" might be so
> assigned.

I beg to differ here. It is quite more unlikely to re-use an account
with a name _that_ ugly.

> > Second, purging exim4 in such a situation could lead to all files
> > belonging to that user to be deleted.
> 
> Purging exim4 should not cause the deletion of the username

I beg to differ again.

> nor of files that exim4 did not install.

So we shouldn't purge the mail queue and hints database? Since policy
requires a purged package to vanish without leaving any trace of its
installation, that would be a policy violation.

Anyway, I am sick of this discussion. You didn't bring a single new
argument into it. Please try to establish policy about package user
names, or take the issue to the tech ctte. Until then, Debian-exim is
bound to stay.

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Karlsruhe, Germany |  lose things."Winona Ryder | Fon: *49 721 966 32 15
Nordisch by Nature |  How to make an American Quilt | Fax: *49 721 966 31 29





Re: [exim4debian] Re: Debian-exim - blech!

2004-09-20 Thread Oliver Elphick
On Fri, 2004-09-17 at 23:35, Marc Haber wrote:
> > I never did understand: what was the problem with "mail"?
> 
> First, installing exim4 would probably re-use the account "mail" which
> might be assigned to a user. This might grant excessive rights to that
> user (for example, access rights to the mail queue).

"mail" is and always has been a standard system account:

mail:x:8:8:mail:/var/mail:/bin/sh

Note the uid of 8 in the system range.

It would therefore be impossible to create a user account called "mail",
because it already exists.  If someone is stupid enough to take over the
"mail" account as a private user account, they deserve anything they
get.  Debian maintainers are not supposed to pervert the system to cope
with system administrators who are totally incompetent.

Of course your argument applies equally to "Debian-exim" - it might be
assigned to a user; it's quite as likely as that "mail" might be so
assigned.

> Second, purging exim4 in such a situation could lead to all files
> belonging to that user to be deleted.

Purging exim4 should not cause the deletion of the username nor of files
that exim4 did not install.

-- 
Oliver Elphick  [EMAIL PROTECTED]
Isle of Wight  http://www.lfix.co.uk/oliver
GPG: 1024D/A54310EA  92C8 39E7 280E 3631 3F0E  1EC0 5664 7A2F A543 10EA
 
 "But my God shall supply all your need according to his
  riches in glory by Christ Jesus." Philippians 4:19
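
The account-reuse question argued in this thread (a package adopting an existing name such as "mail"), as an added example that is not part of any message and is not exim4 packaging code: a shell check that classifies a name by uid before a package adopts it. The uid ranges are the Debian Policy ones; the "exim" user line and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed Debian Policy uid ranges:
#   0-99 and 100-999 are system accounts, 1000-59999 are local users.

# Constructed passwd data; only the "mail" line is quoted from the thread.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
mail:x:8:8:mail:/var/mail:/bin/sh
exim:x:1004:1004:Ed Xim:/home/exim:/bin/bash
EOF
}

# classify_account NAME  (passwd data on stdin) -> absent | system | user
classify_account() {
    awk -F: -v name="$1" '
        $1 == name {
            found = 1
            print (($3 >= 1000 && $3 <= 59999) ? "user" : "system")
            exit
        }
        END { if (!found) print "absent" }
    '
}

# adoption_decision NAME  (passwd data on stdin) -> create | share | refuse
adoption_decision() {
    case "$(classify_account "$1")" in
        # Name is free: a dedicated system account can be created.
        absent) echo create ;;
        # Existing system account: the daemon would share whatever that
        # account and its group can already read (here, the mail spool).
        system) echo share ;;
        # A local user holds the name: adopting it would give that user
        # the daemon's files, and a purge could remove the user's own.
        user)   echo refuse ;;
    esac
}

# Demo over the constructed data.
for name in mail exim Debian-exim; do
    printf '%-12s %s\n' "$name" "$(sample_passwd | adoption_decision "$name")"
done
```

On a live system the same functions can be fed from `getent passwd` instead of the sample data.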





Re: [exim4debian] Re: Debian-exim - blech!

2004-09-17 Thread Steve McIntyre
Marc Haber writes:
>On Fri, Sep 17, 2004 at 10:26:01PM +0100, Oliver Elphick wrote:
>> 
>> I never did understand: what was the problem with "mail"?
>
>First, installing exim4 would probably re-use the account "mail" which
>might be assigned to a user. This might grant excessive rights to that
>user (for example, access rights to the mail queue).
>
>Second, purging exim4 in such a situation could lead to all files
>belonging to that user to be deleted.

Do you actually have any evidence that this has caused problems? Exim
3 in woody used the "mail" user just fine for most people...

-- 
Steve McIntyre, Cambridge, UK.[EMAIL PROTECTED]
"I suspect most samba developers are already technically insane... Of
 course, since many of them are Australians, you can't tell." -- Linus Torvalds





Re: [exim4debian] Re: Debian-exim - blech!

2004-09-17 Thread Marc Haber
On Fri, Sep 17, 2004 at 10:26:01PM +0100, Oliver Elphick wrote:
> On Fri, 2004-09-17 at 21:01, Marc Haber wrote:
> > > I believe this was done because there is some Debian policy that a
> > > weird user name must be created in this case.
> > 
> > No, the weird account name was chosen in absence of a formal policy
> > to minimize the chance of clashes with account names deliberately
> > created by the local admin.
> 
> I never did understand: what was the problem with "mail"?

First, installing exim4 would probably re-use the account "mail" which
might be assigned to a user. This might grant excessive rights to that
user (for example, access rights to the mail queue).

Second, purging exim4 in such a situation could lead to all files
belonging to that user to be deleted.

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Karlsruhe, Germany |  lose things."Winona Ryder | Fon: *49 721 966 32 15
Nordisch by Nature |  How to make an American Quilt | Fax: *49 721 966 31 29





Re: [exim4debian] Re: Debian-exim - blech!

2004-09-17 Thread Peter Hicks
On Fri, Sep 17, 2004 at 10:26:01PM +0100, Oliver Elphick wrote:
>On Fri, 2004-09-17 at 21:01, Marc Haber wrote:
>> > I believe this was done because there is some Debian policy that a
>> > weird user name must be created in this case.
>> 
>> No, the weird account name was chosen in absence of a formal policy
>> to minimize the chance of clashes with account names deliberately
>> created by the local admin.
>
>I never did understand: what was the problem with "mail"?

exim4 seems like an obvious choice, too.





Re: [exim4debian] Re: Debian-exim - blech!

2004-09-17 Thread Oliver Elphick
On Fri, 2004-09-17 at 21:01, Marc Haber wrote:
> > I believe this was done because there is some Debian policy that a
> > weird user name must be created in this case.
> 
> No, the weird account name was chosen in absence of a formal policy
> to minimize the chance of clashes with account names deliberately
> created by the local admin.

I never did understand: what was the problem with "mail"?

-- 
Oliver Elphick  [EMAIL PROTECTED]
Isle of Wight  http://www.lfix.co.uk/oliver
GPG: 1024D/A54310EA  92C8 39E7 280E 3631 3F0E  1EC0 5664 7A2F A543 10EA
 
 "Honour the LORD with thy substance, and with the  
  firstfruits of all thine increase; So shall thy barns 
  be filled with plenty, and thy presses shall burst out
  with new wine."  Proverbs 3:9,10 





Re: [exim4debian] Re: Debian-exim - blech!

2004-09-17 Thread Marc Haber
On Fri, Sep 17, 2004 at 10:00:36AM -0700, Ross Boylan wrote:
> On Tue, Sep 14, 2004 at 07:55:48PM -0700, [EMAIL PROTECTED] wrote:
> > ok, I know this has been brought up on the list, but I just want to vent my 
> > frustration at this fine distribution picking such a horrible username for 
> > exim4!
> > 
> > Sheesh! I mean, the maintainers do a fine job otherwise, but I can't believe 
> > that this package is going into sarge this way.

Please see the README.Debian-exim file included with the package, or
on http://q.bofh.de/~mh/stuff/README.Debian-accountname.

> > blech...
> > 
> I believe this was done because there is some Debian policy that a
> weird user name must be created in this case.

No, the weird account name was chosen in absence of a formal policy
to minimize the chance of clashes with account names deliberately
created by the local admin.

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Karlsruhe, Germany |  lose things."Winona Ryder | Fon: *49 721 966 32 15
Nordisch by Nature |  How to make an American Quilt | Fax: *49 721 966 31 29





Re: Debian-exim - blech!

2004-09-17 Thread Ross Boylan
On Tue, Sep 14, 2004 at 07:55:48PM -0700, [EMAIL PROTECTED] wrote:
> ok, I know this has been brought up on the list, but I just want to vent my 
> frustration at this fine distribution picking such a horrible username for 
> exim4!
> 
> Sheesh! I mean, the maintainers do a fine job otherwise, but I can't believe 
> that this package is going into sarge this way.
> 
> blech...
> 
I believe this was done because there is some Debian policy that a
weird user name must be created in this case.  I'm not sure what the
scope of the policy is (mail programs, daemons, all created accounts),
and I can't find it in the policy manual.  Maybe it's an upstream exim
requirement/recommendation. 





Debian-exim - blech!

2004-09-14 Thread exim4
ok, I know this has been brought up on the list, but I just want to vent my 
frustration at this fine distribution picking such a horrible username for 
exim4!

Sheesh! I mean, the maintainers do a fine job otherwise, but I can't believe 
that this package is going into sarge this way.

blech...

