dma user config
Matthew Dillon
dillon at apollo.backplane.com
Sun Feb 3 13:22:32 PST 2008
:Where would you use this? I know that postfix does that for +. But=20
:that's only for delivery, not for transport.
'+' is what I meant. The main thing is that it 'survives' transport.
That is, insofar as any remote transport is concerned, fubar+1 and
fubar+2 are distinct mail addresses. So it can be used to 'tag'
a mailing address.
For example, when you buy something on the internet you can use
username+blah at your.host and then know who gave your email address
away when you get spammed. Similarly for a mailing list you
can tell how your address was harvested.
Another example is the use of unique identifiers which are associated
with a database and a timeout, creating 'limited use' mail addresses
for which any incoming mail after the timeout is either thrown away
or run through a verification scheme.
And other possibilities.
:Yes, that's a problem. I think we should get the current version in shap=
:e=20
:and then think of a safe way to do it. I don't want to add local root=20
:exploits via our new mailer.
:
:cheers
: simon
It can be safely done if you fork a process that is already running as
root, detach it from the original root process except for a pipe, and
then assume an identity for the remainder of the life of the child
process.
It is far less safe if you allow the user to exec a suid program. I
really hate SUID binaries and would recommend against them. A mail
front-end, for example, should connect to a service already running
as root and NOT itself be a SUID binary.
If I were to give advise here, it would be 'don't worry about the
peformance cost of doing a fork()'.
-Matt
Matthew Dillon
<dillon at backplane.com>
More information about the Kernel
mailing list