[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: mail.local vs. Smail3

To: "Todd C. Miller" <Todd.Miller@courtesan.com>
Subject: Re: mail.local vs. Smail3
From: Louis Bertrand <louis@signalpath.on.ca>
Date: Mon, 4 Jan 1999 18:45:26 -0500 (EST)
cc: stanislav shalunov <shalunov@websci.com>, OpenBSD Misc List <misc@openbsd.org>


On Mon, 4 Jan 1999, Todd C. Miller wrote:

> In message <36912162.7C66@websci.com>
> 	so spake stanislav shalunov (shalunov):
> 
> > Why not remove the stupid check altogether?  These "if (uid!=0)"
> > add *no* security value and are just annoyance.  Just open the
> > mailbox for appending; if open() fails, say why and exit with
> > an appropriate error code.
> 
> Because mail.local is generally not run with the same uid as the
> recepient.  Also you can't make lock files then...
> 
>  - todd
> 

OK on the lock files, but otherwise why should it not be run with
recipient UID? Tradition?

Ciao!
 --Louis

Louis Bertrand, Bowmanville, ON, Canada
<louis@signalpath.on.ca>
OpenBSD: Security matters  <www.OpenBSD.org>

References:
- Re: mail.local vs. Smail3
  - From: "Todd C. Miller" <Todd.Miller@courtesan.com>

Prev by Date: Re: mail.local vs. Smail3
Next by Date: PMAX console
Prev by thread: Re: mail.local vs. Smail3
Next by thread: PMAX console
Index(es):
- Date
- Thread