-- | Cui bono? | On 17.12.2009, Davide Libenzi <[email protected]> wrote: > On Thu, 17 Dec 2009, Davide Libenzi wrote: > > On Thu, 17 Dec 2009, Stephan Müller wrote: > > > On 17.12.2009, Davide Libenzi <[email protected]> wrote: > > > > On Thu, 17 Dec 2009, Stephan Mueller wrote: > > > > > Hi, > > > > > > > > > > I am starting to use xmail on an embedded system based on ARM. Due > > > > > to the limited space available, I had to make IPv6 and SSL support > > > > > a compile time option. > > > > > > > > > > Essentially, I added a bunch of ifdefs around the problematic code. > > > > > There are not that many though. > > > > > > > > > > Do you want to have these patches? > > > > > > > > I will not merge them, but you can send them in if you like. Better > > > > yet, is if you post a link, which I can add to the XMail home page. > > > > Keep in mind though, that the new random tmp file name generation is > > > > based in part upon RAND_pseudo_bytes(), which is part of OpenSSL. > > > > > > Hm, is it possible to refrain from OpenSSL? > > > > > > The best solution IMHO (because it uses an atomic operation) is mkdir. > > > > > > 1. register signal handler for signals 0, 1, 2, 3, 15 which removes > > > /tmp/xmail > > > > > > 2. mkdir(/tmp/xmail) with permissions 755 at the startup of xmail > > > > > > 3. return /tmp/xmail/<sometmpfile> during the operation of xmail > > > > It'd be possible something similar, yes. But this will need to be > > optional, since existing configs cannot be broken. > > So a stronger temp file names generation is still necessary for legacy > > systems. > > You can patch-out the call in your code if you like, or provide a trivial > > rand()-based implementation. > > I made the XMail temp directory on Unix configurable via an 'XMAIL_TEMP' > environment variable, defaulting to '/tmp'. > So the user can set XMAIL_TEMP to whatever they like, and set the > owner/permissions accordingly (which should be taken care also when > running filters).
That is a good approach, but may I ask to make it a command line option? The issue is the following: I like to run xmail under an unprivileged user ID. I use the compartment tool which (rightfully) strips the environment of all variables and replaces them with known good values before doing a setuid and fork/exec. This means that environment variables are problematic. Thanks Stephan _______________________________________________ xmail mailing list [email protected] http://xmailserver.org/mailman/listinfo/xmail
