----- Original Message ----- From: "Tom Collins" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, December 10, 2003 7:34 PM Subject: Re: [qmailadmin] QmailAdmin 1.2.0-pre1
> I can't recall if or how it worked in 1.0.6. I do know that when it > worked in the development releases, it allowed users to put ANYTHING in > their .qmail file which is a bit of a security problem. vdelivermail > is running as vpopmail, so it would be possible for a malicious user to > do things up to and including deleting ~vpopmail. > > How do normal qmail installs handle this? I assume that qmail-local > usually runs as root and does a setuid() to the user's account before > processing their .qmail file. > I don't need qmailadmin to allow me to put tmda settings in my .qmail files there is a cgi for tmda that does all that for me, I just need qmailadmin to let the settings be and not remove them. I never have used qmailadmin in anyway for editing settings to the .qmail files for tmda because of the nice cgi that comes with tmda. I have never had a problem with qmailadmin removing my tmda settings from the .qmail files, but I also have not upgraded now that qmailadmin will remove this stuff. -John
