In message <20010518203508.DCF0EC3at_private>, Greg A. Woods writes: > [ On Friday, May 18, 2001 at 11:18:51 (-0400), Wietse Venema wrote: ] > > 3 - User-specified shell commands. Traditionally, a user can specify > > any shell command in ~user/.forward, and that command will execute > > with the privileges of that user. This requires SUPER-USER privileges > > in the mail delivery software itself or in mail helper software. > > Oh, OK, you've got me on that one! ;-) > > I was trying very carefully to avoid that particular pit of snakes, but > I suppose I should have known it was inevitable that someone would find > me out eventually! A small helper program to handle shell command .forward files would be a lot more secure than an MTA performing the deed. It's not a perfect solution but is a lot better than what we've got now for the simple reason that a smaller program is easier to audit and thus generally more secure than a larger more complex program. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/Alpha Team Internet: Cy.Schubertat_private Open Systems Group, ITSD, ISTA Province of BC
This archive was generated by hypermail 2b30 : Sat May 19 2001 - 18:29:10 PDT