dma user config

Simon 'corecode' Schubert corecode at
Sun Feb 3 12:21:26 PST 2008

Matthew Dillon wrote:
     Generally speaking you do not want to have per-user DMA configs at 
     all, it's just too big of a security risk.
Yes, I think we should cut on that front (for now).

     What you could do is allow user extensions ala postfix style '.'
     extensions to the target name.  For example:
     dillon at
     dillon.fubar at  <--- also routes to dillon
Where would you use this?  I know that postfix does that for +.  But 
that's only for delivery, not for transport.

     The per-user aliases file (~/.forward) can pipe to programs, which
     means it really has to be run in the context of the user.  DMA itself
     does not have to run as root but you will need a local delivery
     agent that either runs as root or is suid root.
Yes, that's a problem.  I think we should get the current version in shape 
and then think of a safe way to do it.  I don't want to add local root 
exploits via our new mailer.

Serve - BSD     +++  RENT this banner advert  +++    ASCII Ribbon   /"\
Work - Mac      +++  space for low €€€ NOW!1  +++      Campaign     \ /
Party Enjoy Relax   |      Against  HTML   \
Dude 2c 2 the max   !       Mail + News   / \

More information about the Kernel mailing list