On 7-Mar-2003 08:00 Andreas Aardal Hanssen wrote:
|
| I am willing to consider another approach if you can point me to
| information about why it's a bad idea. I searched on google groups a bit
| and all I found was people that recommended this behavior over other
| solutions. :/
There are still systems that allow anyone to look at the
environment of another process (e.g., ps -e). Newer versions
of linux 2.[24]/freebsd/others protect against this, but it's
still considered a bad idea. I would recommend using a pipe/fd
instead.
| >I'm seeking advice from the binc community about how best to
| >approach the vmailmgr problem. Some of my own ideas:
| > 1. write a replacement for bincimap-uidpwd which honours
| > the MAILDIR environment variable and includes it as
| > the trailing part of <dir> in its output. This means
| > that: vmailmgr's default-maildir would have to be
| > changed depending on virtual/system user; or binc's
| > conf setting Mailbox { path = "" } would be required.
|
| This is definitely the best. The bincimap-uidpwd program is extremely
| simple - it just reports uid, gid and pwd. If you write a replacement (in
| perl/bash that adds $MAILDIR to the pwd path, that will suffice. Remember
| to set Mailbox { path = ""; } in the conf file.
|
| > 3. have the authenticator also return the maildir.
| > if absent, the binc conf setting would be used.
|
| This is in practise what the uidpwd program is meant to do. :-)
|
| The authenticator can change to new directories as much as is needed,
| because in the end it's bincimapd that changes (and/or chroots) to the
| Maildir.
Right, except that bincimapd is expecting a path that it can chroot()
to (after it appends 'Mailbox { path }'). I suppose I was making
a distinction between the uidpwd dir, which is typically the home of
the auth'd user, and the maildir. These coincide for system users
for Mailbox { path = ""; }, but this isn't necessarily so for virtual
users.
In the case of checkvpw, the restrictions make sense when you only
have a single mailbox (like with POP3) or all your folders exist
as subdirectories of your Maildir (=INBOX) as with Maildir++.
With a more open folder structure, the cwd is likely just the best
location where the (system) user has write privileges and the
maildir is the default (INBOX) mail folder for (virtual) users.
I'm still concerned about chroot'ing to a Maildir (see my mail in
another thread) and having a uidpwd that behaves as in (1) above
compounds the problem.
--
-dale
