Anders Brander writes: > If you add a special group to every user you are back where you started.
I didn't say it was a good solution. I said it was a solution. Compared to that, a lot of the alternatives look good. > I can't see what's wrong with a mysql user per system user. That would > be really clean and effective. It could get rather unwieldy if you use MySQL for other things. > If the admistrative tools is integrated into vpopmail, i fail to > see any troble ahead (user/admin-vice). I can see one. I set up a system user. Who wants e-mail. So then I have to use another tool to add that user to vpopmail. > It would completely remove any use for any setuid/setgid-hacks. That is the one advantage I see to it. Whether or not one views that advantage as compelling is another matter. > > 3) A very small utility that is setgid vpsql. It does the following > > when passed a username and password to verify. > > You will also need small tools to do all other sorts of operations, > quota, valias and so on. I did mention those at the end. And even said that I preferred several small tools to one large one that use switches to decide what it did because that would mean more code and a harder time auditing it. > > c) Connects to MySQL. > > - and forgets username and password. OK, I take your point. It no longer needs them at that juncture and it's barely possible there's something exploitable later. > It's not as simple as that, think about APOP authentication... I don't have need of APOP so I didn't think about it. I was trying to establish the general principle for doing it setgid with minimal risks. I think something (well, several somethings) along those lines would be feasible without opening up vulnerabilities. None of us like set-id and try to avoid it, but there are times when it is better than the alternatives (if sufficient care is taken). Compared to the major hunk of setuid code that is sendmail and which a lot of systems run, this ought to be far less likely to be exploited. It's not the only solution and it may turn out not to be the best solution, but at least it's there for consideration (and possible improvement). -- Paul Allen Softflare Support
