dma user config
Simon 'corecode' Schubert
corecode at fs.ei.tum.de
Sun Feb 3 12:21:26 PST 2008
Matthew Dillon wrote:
Generally speaking you do not want to have per-user DMA configs at
all, it's just too big of a security risk.
Yes, I think we should cut on that front (for now).
What you could do is allow user extensions ala postfix style '.'
extensions to the target name. For example:
dillon at backplane.com
dillon.fubar at backplane.com <--- also routes to dillon
Where would you use this? I know that postfix does that for +. But
that's only for delivery, not for transport.
The per-user aliases file (~/.forward) can pipe to programs, which
means it really has to be run in the context of the user. DMA itself
does not have to run as root but you will need a local delivery
agent that either runs as root or is suid root.
Yes, that's a problem. I think we should get the current version in shape
and then think of a safe way to do it. I don't want to add local root
exploits via our new mailer.
cheers
simon
--
Serve - BSD +++ RENT this banner advert +++ ASCII Ribbon /"\
Work - Mac +++ space for low €€€ NOW!1 +++ Campaign \ /
Party Enjoy Relax | http://dragonflybsd.org Against HTML \
Dude 2c 2 the max ! http://golden-apple.biz Mail + News / \
More information about the Kernel
mailing list