[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: sender rewriting fixed and other misc things

To: Eugene Crosser <crosser@online.ru>
Subject: Re: sender rewriting fixed and other misc things
From: Matti Aarnio <mea@nic.funet.fi>
Date: Wed, 3 Jan 2001 18:18:26 +0200
Cc: zmailer@nic.funet.fi
In-Reply-To: <ML-3.4.978535697.8335.crosser@ariel.sovam.com>; from crosser@online.ru on Wed, Jan 03, 2001 at 06:28:17PM +0300
References: <20001230131950.B28708@nic.funet.fi> <ML-3.4.978535697.8335.crosser@ariel.sovam.com>

On Wed, Jan 03, 2001 at 06:28:17PM +0300, Eugene Crosser wrote:
> > > 3. X-Envelope-To: contains irrelevant figure for uid (nobody's?)
> > 
> >      In case of pipe runs or file storages it should be indicative
> >      of what privilege is used to run the injection.  For mailbox
> >      injection things work differently, of course.
> 
> Not pipes!  That's what is written into user's mailbox.
> The mailbox file itself, if it needs to be created, has correct
> owner, but the value in the X-Envelope-To is incorrect.

  I mean that for mailbox writing the RECIPIENT QUAD contained privilege
  value is as much as ignored.  It is often "nobody", as it indicates
  trustworthiness of the source of the recipient address.  Consider e.g.
  <"|/prog/path"@localhost> type of inputs -- external SMTP source must
  not be allowed to execute arbitary commands, that is purely internal
  privilege.

> Eugene

-- 
/Matti Aarnio	<mea@nic.funet.fi>

References:
- Re: sender rewriting fixed and other misc things
  - From: Eugene Crosser <crosser@online.ru>

Prev by Date: Re: sender rewriting fixed and other misc things
Next by Date: Zmailer relaying problem ... (again)
Prev by thread: Re: sender rewriting fixed and other misc things
Next by thread: Zmailer relaying problem ... (again)
Index(es):
- Date
- Thread