Adam Chlipala <[EMAIL PROTECTED]> wrote: > Michael Olson wrote: >> This I'm not very happy about. Is there some way for the server to >> call procmail with some "subset" of the user's token and the mail >> delivery token, so that one user could not write to another user's >> mail directory? >> >> Though come to think of it, the same problem probably exists (if I >> understand it correctly) on normal procmail installations as well, so >> we wouldn't actually be taking a step backwards. Still, it's a >> concern. > > Is it really true that our current Exim set-up (on fyodor) allows > users to run programs with more privileges than they would normally > be able to? If so, I wasn't aware of that at all, and it violates > our basic policy about never letting a user run a program as any user > but his own, through direct or indirect means.
I'm guessing it changes to the appropriate uid before attempting to do anything, so it should be safe. <<CDC _______________________________________________ HCoop-SysAdmin mailing list [email protected] http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
