On Mon, Feb 24, 2014 at 03:30:14PM +0100, Baptiste Daroussin wrote:

> On Mon, Feb 24, 2014 at 06:17:37PM +0400, Slawa Olhovchenkov wrote:
> > On Sun, Feb 23, 2014 at 10:11:56PM +0100, Baptiste Daroussin wrote:
> > 
> > > As some of you may have noticed, I have imorted a couple of days ago dma
> > > (DragonFly Mail Agent) in base. I have been asked to explain my 
> > > motivation so
> > > here they are.
> > 
> > What's about suid, security separations & etc?
> What do you mean? dma is changing user as soon as possible, dma will be
> capsicumized, what else do you want as informations?

sendmail (in the past) have same behaviour (run as root and chage
This is some security risk.
For many  scenario change user is not simple (for example -- send file
from local user A to local user B, file with permsion 0400).
sendmail will be forced to change behaviour -- mailnull suid program
for place mail into queue and root daemon for deliver to user.
This is more complex.
Can be dma avoid this way?

freebsd-current@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Reply via email to