[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Zmailer as non-root uid

To: vit@lipetsk.ru (Victor Gamov)
Subject: Re: Zmailer as non-root uid
From: mea@nic.funet.fi
Date: Thu, 14 Jan 1999 14:30:41 +0200 (GMT)
Cc: zmailer@nic.funet.fi
In-Reply-To: <369DD2F7.12B15049@lipetsk.ru> from "Victor Gamov" at Jan 14, 99 02:20:23 pm

> 	Hi guys!
> 
> 	What do you think about running Zmailer as non-root account?
> IMHO only mailmox TA needed to be root suid.

	Yes, doable with certain limitations:
	- Router must not try to access people's  .forward  files
	- No pipes shall be run under 'mailbox'
	- All userids in the system shall be the same

	Oh yes, setting 'mailbox' to be suid-root is *not* recommended!
	In fact I think you can break your system security badly if you
	do it!  After all, it is not written to be run as 'suid-root',
	just 'run by root'.   (It could be turned suidable, but I don't
	trust myself to do good work at it, so I won't try it.  One of
	the basic ideas in ZMailer is not to need suid-anything programs.)

> --
> 	CU, Victor Gamov

/Matti Aarnio <mea@nic.funet.fi>

References:
- Zmailer as non-root uid
  - From: Victor Gamov <vit@lipetsk.ru>

Prev by Date: Zmailer as non-root uid
Next by Date: ETRN
Prev by thread: Zmailer as non-root uid
Next by thread: ETRN
Index(es):
- Date
- Thread