From: CaT <cat@zip.com.au>
To: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Alexander Viro <viro@math.psu.edu>,
"Mohammad A. Haque" <mhaque@haque.net>,
ttel5535@artax.karlin.mff.cuni.cz,
"Mike A. Harris" <mharris@opensourceadvocate.org>,
linux-kernel@vger.kernel.org
Subject: Re: [OFFTOPIC] Re: [PATCH] Single user linux
Date: Wed, 25 Apr 2001 01:11:32 +1000 [thread overview]
Message-ID: <20010425011132.H1245@zip.com.au> (raw)
In-Reply-To: <20010425004710.F1245@zip.com.au> <E14s4Hq-0002F0-00@the-village.bc.nu>
In-Reply-To: <E14s4Hq-0002F0-00@the-village.bc.nu>; from alan@lxorguk.ukuu.org.uk on Tue, Apr 24, 2001 at 03:59:28PM +0100
On Tue, Apr 24, 2001 at 03:59:28PM +0100, Alan Cox wrote:
> What is this gid mail crap ? You don't need priviledge. You get the mail by
> asking the daemon for it. procmail needs no priviledge either if it is done
> right.
>
> You just need to think about the security models in the right way. Linux gives
> you the ability to do authenticated uid/gid checking over a socket connection.
> That is an incredibly powerful model for real compartmentalisation.
Ok. My experience isn't all that great so I may well be missing something
here. But what?
1. email -> sendmail
2. sendmail figures out what it has to do with it. turns out it's deliver
it locally for user blah
3. sendmail starts procmail so that it delivers the email.
4. procmail goes through the recepie list for user blah and eventually
delivers the email (one way or another)
Now, in order for step 4 to be done safely, procmail should be running
as the user it's meant to deliver the mail for. for this to happen
sendmail needs to start it as that user in step 3 and to do that it
needs extra privs, above and beyond that of a normal user.
Now as I said, I'm not a UNIX God[tm] and so I may well be missing something
vital. If so, what is it? This sounds like something that would be way
useful to learn. :)
--
CaT (cat@zip.com.au) *** Jenna has joined the channel.
<cat> speaking of mental giants..
<Jenna> me, a giant, bullshit
<Jenna> And i'm not mental
- An IRC session, 20/12/2000
next prev parent reply other threads:[~2001-04-24 15:12 UTC|newest]
Thread overview: 92+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <Pine.LNX.4.33.0103181407520.1426-100000@mikeg.weiden.de>
2001-03-18 14:43 ` changing mm->mmap_sem (was: Re: system call for process information?) Rik van Riel
2001-03-18 18:13 ` Linus Torvalds
2001-04-24 11:44 ` [PATCH] Single user linux imel96
2001-04-24 12:04 ` Alexander Viro
2001-04-24 12:44 ` imel96
2001-04-24 12:58 ` Daniel Stone
2001-04-24 13:27 ` imel96
2001-04-24 13:38 ` Daniel Stone
2001-04-24 14:04 ` problem found (was Re: [PATCH] Single user linux) imel96
2001-04-24 14:06 ` Daniel Stone
2001-04-24 14:47 ` Xavier Bestel
2001-04-25 18:13 ` Paul Jakma
2001-04-25 0:01 ` [PATCH] Single user linux Aaron Lehmann
2001-04-25 0:07 ` Daniel Stone
2001-04-25 0:16 ` Alan Cox
2001-04-25 0:34 ` Daniel Stone
2001-04-25 0:52 ` Gerhard Mack
2001-04-25 7:46 ` Ronald Bultje
2001-04-25 14:17 ` Disconnect
2001-04-27 20:06 ` Jim Gettys
2001-04-26 19:41 ` Pavel Machek
2001-04-27 19:00 ` Erik Mouw
2001-04-27 13:12 ` Robert Varga
2001-04-27 12:42 ` [OT] linux on pda was " Collectively Unconscious
2001-04-27 19:05 ` Erik Mouw
2001-04-27 13:34 ` Daniel Stone
2001-04-25 0:20 ` Aaron Lehmann
2001-04-25 0:32 ` Daniel Stone
2001-04-25 0:35 ` Aaron Lehmann
2001-04-25 0:43 ` Daniel Stone
2001-04-25 7:45 ` Alan Cox
2001-04-25 7:55 ` Daniel Stone
2001-04-25 15:07 ` Jonathan Lundell
2001-04-25 14:42 ` Jordan Crouse
2001-04-26 19:47 ` Pavel Machek
2001-04-25 1:12 ` Disconnect
2001-04-25 0:26 ` Jonathan Lundell
2001-04-25 7:13 ` Mike A. Harris
2001-04-26 19:54 ` agenda & vtech helio [was Re: [PATCH] Single user linux] Pavel Machek
2001-04-25 7:04 ` [PATCH] Single user linux Mike A. Harris
2001-04-26 19:35 ` Pavel Machek
2001-04-27 14:26 ` Daniel Stone
2001-04-24 13:40 ` Mohammad A. Haque
2001-04-25 5:29 ` Ben Ford
2001-04-24 12:59 ` Alexander Viro
2001-04-24 13:02 ` Sean Hunter
2001-04-24 13:03 ` Roland Seuhs
2001-04-24 13:50 ` Mike A. Harris
2001-04-24 13:13 ` Richard B. Johnson
2001-04-24 13:37 ` imel96
2001-04-25 7:57 ` Helge Hafting
2001-04-25 10:42 ` Albert D. Cahalan
2001-04-24 14:03 ` Alan Cox
2001-04-24 14:10 ` imel96
2001-04-24 14:27 ` Mike A. Harris
2001-04-24 14:30 ` Alan Cox
2001-04-24 15:07 ` Jeremy Jackson
2001-04-24 17:43 ` Russell King
2001-04-24 18:37 ` Garett Spencley
2001-04-24 12:51 ` Mohammad A. Haque
2001-04-24 13:07 ` Alexander Viro
2001-04-24 12:52 ` [OFFTOPIC] " Mike A. Harris
2001-04-24 13:18 ` Tomas Telensky
2001-04-24 13:34 ` Mohammad A. Haque
2001-04-24 13:40 ` Alexander Viro
2001-04-24 14:18 ` Alan Cox
2001-04-24 14:22 ` Alexander Viro
2001-04-24 14:37 ` Alan Cox
2001-04-24 14:41 ` Alexander Viro
2001-04-24 14:47 ` CaT
2001-04-24 14:59 ` Alan Cox
2001-04-24 15:11 ` CaT [this message]
2001-04-24 15:53 ` Alan Cox
2001-04-24 16:04 ` Alex Riesen
2001-04-24 17:02 ` Jesse Pollard
2001-04-24 17:16 ` Alan Cox
2001-04-24 17:30 ` Markus Schaber
2001-04-24 14:30 ` Gábor Lénárt
2001-04-24 14:49 ` Pjotr Kourzanoff
2001-04-24 14:56 ` Gábor Lénárt
2001-04-24 14:59 ` CaT
2001-04-24 15:17 ` Pjotr Kourzanoff
2001-04-24 14:50 ` Gerhard Mack
2001-04-24 15:00 ` Alan Cox
2001-04-24 13:37 ` Alexander Viro
2001-04-24 13:52 ` Tomas Telensky
2001-04-24 14:07 ` Alexander Viro
2001-04-24 19:03 ` David Gómez
2001-04-25 5:26 ` Ben Ford
2001-04-24 17:55 ` J Sloan
2001-04-24 17:06 ` Stephen Satchell
2001-04-24 15:11 [OFFTOPIC] " Jesse Pollard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20010425011132.H1245@zip.com.au \
--to=cat@zip.com.au \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=linux-kernel@vger.kernel.org \
--cc=mhaque@haque.net \
--cc=mharris@opensourceadvocate.org \
--cc=ttel5535@artax.karlin.mff.cuni.cz \
--cc=viro@math.psu.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox