
Re: Aliases expanded with root privs?



On Sun, Feb 16, 2003 at 06:33:48PM +0100, Artur Meski wrote:
> Is everything ok, if my ZMailer aliases are expanded with root
> privileges?  Isn't it dangerous?

That is ok.

When a number of conditions are fulfilled, router allows the result
to be with privilege of database file owner.  If those are not met,
result will be of "nobody", which (among other things) disables
execution of commands in pipes.

  http://zmailer.org/zman/zadm-security.html

"The specific measure of trustworthiness chosen by ZMailer, is simply a
numeric user id (uid) value representing the source of the address."

Observe also:
  http://zmailer.org/zman/zins-sysconfig.html#ZINS.DB.DBASES.CONF.FILE

where associated example has two "aliases" databases.  One owned by
"root", other owned by "majordomo".

In that example,  Majordomo can edit its own (sub) database, and
recompile it into binary database independent of sysadmin doing
full compilation.

The actual work-engine underneath "zmailer newdb" command could
be a bit smarter, like when executed non-root, not generate a bunch
of *.zmsh files, nor compile databases whose owner does not match
the executioner of the script.


A security-review of  "makedb"  would be in order, of course.
Does it open files (databases) securely for creation -- actually
there is not much one can do, various database libraries do that
file creation all by themselves...

> -- 
> // Artur Meski // email: artur@cifrid.net // www: artur.black.pl //

-- 
/Matti Aarnio	<mea@nic.funet.fi>
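
The owner-or-nobody rule described in the reply, sketched as an added example (not ZMailer code and not part of the original message). The message does not list the conditions the router checks, so the ones used here (regular file, no symlink, not group- or world-writable) are assumptions, as are the function names and the uid 65534 for "nobody".

```python
import os
import stat
import tempfile

NOBODY_UID = 65534  # assumed uid of "nobody"; varies by system


def result_privilege(db_path):
    """Return the uid that results read from db_path would carry."""
    try:
        # O_NOFOLLOW rejects a symlink as the final component;
        # O_NONBLOCK keeps a FIFO planted at the path from hanging us.
        fd = os.open(db_path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError:
        return NOBODY_UID
    try:
        st = os.fstat(fd)  # inspect the opened file, not the path (no race)
    finally:
        os.close(fd)
    if not stat.S_ISREG(st.st_mode):
        return NOBODY_UID
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return NOBODY_UID  # someone other than the owner could edit it
    return st.st_uid  # assumed conditions met: trust the file owner


def may_run_pipe(uid):
    """Per the reply, "nobody" results cannot execute commands in pipes."""
    return uid != NOBODY_UID


def demo():
    """Create constructed sample databases and report each one's uid."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "aliases")
        loose = os.path.join(d, "aliases-loose")
        link = os.path.join(d, "aliases-link")
        for path, mode in ((good, 0o644), (loose, 0o666)):
            with open(path, "w") as f:
                f.write("postmaster: root\n")  # constructed sample entry
            os.chmod(path, mode)
        os.symlink(good, link)
        cases = (("good", good), ("loose", loose), ("link", link),
                 ("missing", os.path.join(d, "absent")))
        return {name: result_privilege(path) for name, path in cases}


if __name__ == "__main__":
    print(demo())
```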