Hi Paul and others, On Fri, 2003-09-12 at 14:32, Paul L. Allen wrote: > > IMHO it's the correct (tm) way to do things. It's not just a fiddle, > > it's the best solution. I would say that the setuid-thing is a fiddle. > I think which way you regard as a fiddle depends very much upon what you > do on your system.
Yep indeed :) > > I think we confused eachother, we were talking about two different > > cases. > > I: When domain.tld is given a systemuser for their mail. > Ah, we don't do that. We probably could, since we have to give them > a system user to FTP their web site, but why bother when vpopmail lets > you get away with a single user? Extra security? I've always hated the vpopmail model, "all users are one user" > Oh, unless you're using a PHP webmail [snip] There could be many other reasons to give domainmail-admins system-users. Admin'ing mailinglists for one. > > You: When systemusers needed personal mail. > > - and now i can see the trouble ahead, but not that much trouble. > The trouble is that vpopmail can be used in so many different ways. Yep, or maybe the biggest feature. But hey, qmail is delivering to systemusers isn't it? vdeliver doesn't even get run? > > I was illustrating that it could quickly get hairy, when arguments have > > to be passing to/from these tools. > I think argument and value passing is reasonably well understood, > relatively easy to code and the methods of avoiding buffer overflows > known if not always widely applied. Provided the utilities are > restricted to reading and writing the database it should be easy to > ensure there are no known exploitable holes. But theres much more to it than buffer overflows. How do we trust the calling program, for one thing? > > Ohh boy i'm glad we are on a qmail-oriented list, elsewise we would have > > the great sendmail-flamefest now :) > Indeed. But it's a valid point. Given the number of systems running [snip] I didn't say that it wasn't a valid point! /Anders
