Mate Wierdl <[EMAIL PROTECTED]> writes:
> On Tue, Dec 22, 1998 at 10:17:26AM -0800, Russ Allbery wrote:
>> Simon Casady <[EMAIL PROTECTED]> writes:
>>> I have never understood this one. The obvious answer is to put code
>>> into qmail-start to read the password file for the proper ids and pass
>>> them on to the programs it starts. No config files, standard Unix
>>> functions, no problems with binary installs.
>> And a potential network access on start to do NIS lookups.

> If the above remark is not ironic:

It's not.

> should not the qmail users/groups be locally specified?

They should be. But the point is that getpwnam() invokes network code in
the system libraries on a lot of platforms. Personally, that doesn't
bother me all that much and I'm inclined to think that it's an acceptable
security risk, but as I'm sure you know, Dan really doesn't trust libc.
And he does have good reason.

If one isn't going to use the standard libc calls to look up UIDs in the
password file (and I doubt Dan would be comfortable doing that), then
there really isn't much gained by reading UIDs from the password file
rather than reading them from some considerably simpler file format.

> Is NIS secure?

Heh.

--
Russ Allbery ([EMAIL PROTECTED]) <URL:http://www.eyrie.org/~eagle/>
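
Added example, not part of the message above and not qmail's code: a strict lookup over a "considerably simpler file format" that never calls getpwnam(), so no NSS/NIS resolver code is pulled in. The "name:uid" format, the names lookup_uid, parse_uid and UID_LIMIT, and the sample UIDs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define UID_LIMIT 4294967294UL  /* assumed ceiling: 32-bit uid, minus (uid_t)-1 */

/* Constructed sample of a hypothetical "name:uid" ids file. */
static const char SAMPLE_IDS[] =
    "alias:7790\n" "qmaild:7791\n" "qmailq:7794\n" "bogus:12x\n";

/* Decimal digits only: rejects empty fields, signs, spaces, junk, overflow. */
static int parse_uid(const char *s, size_t len, unsigned long *out)
{
    unsigned long v = 0;
    if (len == 0) return -1;
    for (size_t i = 0; i < len; i++) {
        if (s[i] < '0' || s[i] > '9') return -1;
        unsigned long d = (unsigned long)(s[i] - '0');
        if (v > (UID_LIMIT - d) / 10) return -1;  /* would exceed UID_LIMIT */
        v = v * 10 + d;
    }
    *out = v;
    return 0;
}

/* Look up name in text; 0 on success, -1 if absent or the line is malformed.
   Uses only strlen/strchr/memcmp, so no getpwnam() and no NSS/NIS code runs. */
int lookup_uid(const char *text, const char *name, unsigned long *uid)
{
    size_t nlen = strlen(name);
    if (nlen == 0) return -1;
    while (*text) {
        const char *eol = strchr(text, '\n');
        if (!eol) return -1;              /* truncated final line: refuse it */
        size_t llen = (size_t)(eol - text);
        if (llen > nlen && text[nlen] == ':' && memcmp(text, name, nlen) == 0)
            return parse_uid(text + nlen + 1, llen - nlen - 1, uid);
        text = eol + 1;
    }
    return -1;
}

int main(void)
{
    unsigned long u;
    if (lookup_uid(SAMPLE_IDS, "qmaild", &u) == 0) printf("qmaild -> %lu\n", u);
    if (lookup_uid(SAMPLE_IDS, "bogus", &u) != 0) puts("bogus -> rejected");
    return 0;
}
```

A caller that is about to drop privileges should treat any -1 as fatal rather than fall back to a default UID.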