[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Mandating PERL for ZMailer system ??

  So far I have tried to do all scripting in SH, if not coding things
  outright in C.

  Now I am considering (re)writing  newdb  utility in PERL  so that I
  can include there all manner of security related issues about database
  compilation controls.

  This relates to  proto/db/dbases.conf  file I have introduced to
  ZMailer CVS tree a few months ago in order of having a simpler way
  to manage all databases in the system.  And among other things, to
  have unified call interface spanning multiple backend files in sequence,

#|Security sensitive ones ("dbpriv" must be defined!)
#| aliases         $DBTYPE  root:0:644   -la $MAILVAR/db/aliases      -lm
#| aliases         $DBTYPE  someuser:somegroup:664 -la $MAILVAR/db/aliases-2 -lm
#| fqdnaliases     $DBTYPE  root:0:644 -la $MAILVAR/db/fqdnaliases    -lm
#| userdb          $DBTYPE  root:0:644 -la $MAILVAR/db/userdb         -lm
#|Security insensitive ones ("dbpriv" need not be defined!)
#| routesdb        $DBTYPE  -    -l  $MAILVAR/db/routes         -lm
#| thishost        $DBTYPE  -    -l  $MAILVAR/db/localnames     -lm
#| thishost        unordered -   -   $MAILVAR/db/localnames     -l
#| thishost        bind,mxlocal - -  -                          -l

	As an example, the two "aliases" lines translate to following:
	(Or rather, their uncommented counterparts at my workstation)

$ cat /opt/mail/db/aliases.zmsh 
# ZMSH init script for relation: aliases

# ---boilerplate head
        relation -lm -t $DBTYPE -f $MAILVAR/db/aliases$DBEXT aliases_1
        relation -lm -t $DBTYPE -f $MAILVAR/db/aliases-2$DBEXT aliases_2
# boilerplate tail---

aliases(key) {
    local a
        if a="$(aliases_1 "$key")"; then
            priv="$(filepriv -M 644 $MAILVAR/db/aliases$DBEXTtest \
                            $(db owner aliases_1))" &&
            return "$a"
        if a="$(aliases_2 "$key")"; then
            priv="$(filepriv -M 664 $MAILVAR/db/aliases-2$DBEXTtest \
                            $(db owner aliases_2))" &&
            return "$a"
    return 1

	However during generation of this DB, a "newdb" process
	must be run, and that needs to switch to use appropriate
	UID and GID, plus UMASK so that the new DB files can be

	The example above is semi fabricated, but not entirely false..
	One would perhaps need to allow group-write access to the
	$MAILVAR/db/ directory, which isn't a very nice thing to do..
	On the other hand, nobody prevents system from using some
	other (preferrably in local filesystem) directory for the
	"aliases-2" database.

/Matti Aarnio	<mea@nic.funet.fi>