Bryan Henderson wrote:
this out. But the difference is that the piped-to transport program is a much simpler program, and the goal is to have the setuid flag on the smallest, simplest possible programs so as to avoid opening up a security hole due to human confusion.
and
I have a program called "socketexec" that simply binds a socket and then execs a named program with it as Standard Input. Kind of like a junior inetd. A similar program sets uids and such and then execs a named program, passing on all open files.
and
That's what I'm hoping a setuid (and possibly execute-permitted only to the exim group) piped-to program can accomplish.
Sound to me like you want to re-invent qmail, daemontools and ucspi-tcp. Personally I've given up on using those for e-mail, but if security outranks all other concerns by a few orders of magnitude then why not. If you're not familiar with qmail, you may want to check out "The big qmail picture": http://www.nrg4u.com/qmail/the-big-qmail-picture-103-p1.gif And few more links: http://cr.yp.to/ http://www.qmail.org/ http://www.lifewithqmail.org/lwq.html Bob -- ## List details at http://www.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
