On Tue, Feb 04, 2003 at 10:27:41AM -0800, Horst <[EMAIL PROTECTED]> writes:
| > It's a bad idea for root to receive mail directly (ie. because
| > you then invoke a mail client as root, and read a spool file
| > full of potentially malicious data from the net).
|
| Interesting. Could you expand a bit on that ?
| I am using a text based mailer, and almost never GUI as root.

The danger here really boils down to doing a simple task -- requiring
few privileges (ie. reading mail) -- as a user with way-too-many
privileges (root is the obvious example). Any mail client (gui or not)
can have security bugs (eg. pine has a history of exploitable buffer
overflows).

The idea here is Principle of Least Authority (POLA) -- give only as
much authority as is needed to complete a task and no more. In this
respect, the concept of even having a root user is pretty flawed, but I
digress ... You just want to read root's mail in a reasonably safe way.

| As I said earlier, I like root to handle internal administrative tasks,
| and receive reports generated by root's own cron jobs (I'd consider that a
| clean concept since that's what root is for, though security issues add
| another twist to it).
|
| So
| a) creating an admin user that receives root's mail
| b) an alias for root, like pine='su - admin'
| c) last step of login script for admin opens pine
| d) upon pine exit admin logs out
| would make it both, smooth and safe, I guess.
|
| - Horst

You could also make admin's shell /usr/local/bin/pine -- bypassing the
login script entirely. Note though that this doesn't prevent `admin'
from having shell access -- many mail clients allow you to exec shell
commands.

--
Darren Shepard | +1 503 409 4078 | http://darren.shepard.org/
pgpfpr: 96D1 FB79 4617 1A06 BA50 8FD8 E16D 6F5F 31F0 A7D2
_______________________________________________
Eug-LUG mailing list
[EMAIL PROTECTED]
http://mailman.efn.org/cgi-bin/listinfo/eug-lug
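Added example, not part of the original message: a check that root's mail really ends up with an unprivileged account, as step (a) in the thread proposes. It also prints that account's login shell so a setting like /usr/local/bin/pine is visible for review. It assumes a sendmail-style aliases file; the function names and the sample data (UID 500 included) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): verify that mail for root
# is aliased to an unprivileged local account. File paths are parameters so
# the check can run on copies; the sample data in demo() is constructed.

# Follow single-target aliases ("root: admin") for up to 10 hops.
# Lists, pipes, files and :include: targets are out of scope and end resolution.
resolve_alias() {
    name=$1 file=$2 hops=0
    while [ "$hops" -lt 10 ]; do
        next=$(awk -F: -v n="$name" '
            /^[ \t]*#/ { next }
            { key = $1; gsub(/[ \t]/, "", key) }
            tolower(key) == tolower(n) {
                v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
            }' "$file")
        case $next in ''|*,*|*'|'*|*/*) break ;; esac
        name=$next hops=$((hops + 1))
    done
    printf '%s\n' "$name"
}

# Print "<account> uid=<uid> shell=<shell>" for root's final recipient.
# Returns 0 for a non-UID-0 local account, 1 if mail still lands on a
# UID-0 account, 2 if the recipient is not in the passwd file.
# A mail client as login shell is only reported: it can still spawn a shell.
root_mail_target() {
    target=$(resolve_alias root "$1")
    entry=$(awk -F: -v u="$target" '$1 == u { print $3 " " $7; exit }' "$2")
    uid=${entry%% *} shell=${entry#* }
    printf '%s uid=%s shell=%s\n' "$target" "${uid:-none}" "${shell:-none}"
    if [ -z "$uid" ]; then return 2; fi
    if [ "$uid" -eq 0 ]; then return 1; fi
    return 0
}

# Constructed sample input: root aliased to an "admin" account whose shell is pine.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '# constructed sample' 'postmaster: root' 'root: admin' > "$dir/aliases"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
        'admin:x:500:500:Mail reader:/home/admin:/usr/local/bin/pine' > "$dir/passwd"
    rc=0; root_mail_target "$dir/aliases" "$dir/passwd" || rc=$?
    rm -rf "$dir"
    return "$rc"
}
demo
```

On a live system the call would be `root_mail_target /etc/aliases /etc/passwd`, adjusting the aliases path to wherever the local MTA keeps it.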
