Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Tue, 24 Apr 2001 11:12:49 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Tue, 24 Apr 2001 11:12:30 -0400 Received: from theirongiant.weebeastie.net ([203.62.148.50]:56077 "EHLO theirongiant.weebeastie.net") by vger.kernel.org with ESMTP id ; Tue, 24 Apr 2001 11:12:21 -0400 Date: Wed, 25 Apr 2001 01:11:32 +1000 From: CaT To: Alan Cox Cc: Alexander Viro , "Mohammad A. Haque" , ttel5535@artax.karlin.mff.cuni.cz, "Mike A. Harris" , linux-kernel@vger.kernel.org Subject: Re: [OFFTOPIC] Re: [PATCH] Single user linux Message-ID: <20010425011132.H1245@zip.com.au> In-Reply-To: <20010425004710.F1245@zip.com.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from alan@lxorguk.ukuu.org.uk on Tue, Apr 24, 2001 at 03:59:28PM +0100 Organisation: Furball Inc. Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Apr 24, 2001 at 03:59:28PM +0100, Alan Cox wrote: > What is this gid mail crap ? You don't need priviledge. You get the mail by > asking the daemon for it. procmail needs no priviledge either if it is done > right. > > You just need to think about the security models in the right way. Linux gives > you the ability to do authenticated uid/gid checking over a socket connection. > That is an incredibly powerful model for real compartmentalisation. Ok. My experience isn't all that great so I may well be missing something here. But what? 1. email -> sendmail 2. sendmail figures out what it has to do with it. turns out it's deliver it locally for user blah 3. sendmail starts procmail so that it delivers the email. 4. procmail goes through the recepie list for user blah and eventually delivers the email (one way or another) Now, in order for step 4 to be done safely, procmail should be running as the user it's meant to deliver the mail for. for this to happen sendmail needs to start it as that user in step 3 and to do that it needs extra privs, above and beyond that of a normal user. Now as I said, I'm not a UNIX God[tm] and so I may well be missing something vital. If so, what is it? This sounds like something that would be way useful to learn. :) -- CaT (cat@zip.com.au) *** Jenna has joined the channel. speaking of mental giants.. me, a giant, bullshit And i'm not mental - An IRC session, 20/12/2000 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/