Re: SUID pop3 / imap4?

From: xystrus
Subject: Re: SUID pop3 / imap4?
Date: Thu, 4 Apr 2002 19:00:26 -0500
User-agent: Mutt/1.3.27i

On Wed, Apr 03, 2002 at 06:37:55AM -0800, Jeff Bailey wrote:
> I'm not sure what the Right Thing is here.  I can set the pop3d to be
> SUID root, which allows it to work.  I tried making it SUID mail, and
> it loads, but it can't get past pam.

I *thought* Debian's philosophy for mail programs is that they should never
need root privileges to run.  This is a philosophy shared by many people.
The alternative is to make programs which can create files in the spool SGID
mail.  However, procmail seems to be both SUID root *and* SGID mail.  This
is probably so that it can change its UID to that of the user it is
delivering mail for, or so that it can chown files as needed.  Some time ago
I read an argument about this, but I can't remember where.  Wish I could.
It had some really interesting points.

> I just hate SUID binaries... =)

Remember that there's absolutely NO difference between an SUID binary and
one that always runs as root.  If you're not running the servers SGID mail,
then you must be running them as root.  The same caveats apply...
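
Added example, not part of the original message or of any mail package: a small audit helper that reads a file's mode and ownership and reports which of the cases discussed in this thread (SUID root, SUID to another user such as mail, SGID mail) it falls into. The function names and the command-line usage are assumptions made for illustration; the mail group's GID is looked up at run time.

```python
import os
import stat

def classify(mode, uid, gid, mail_gid):
    """Describe the extra privilege a file grants at exec time, from its stat fields."""
    findings = []
    # Set-id bits only take effect on regular files that are executable.
    if not stat.S_ISREG(mode) or not mode & 0o111:
        return findings
    if mode & stat.S_ISUID:
        findings.append("SUID root" if uid == 0 else f"SUID uid={uid}")
    if mode & stat.S_ISGID:
        findings.append("SGID mail" if gid == mail_gid else f"SGID gid={gid}")
    # A privileged binary that non-owners can modify is worth flagging on its own.
    if findings and mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group/other")
    return findings

def audit(paths, mail_gid):
    """Map each path that carries set-id privilege to its findings."""
    report = {}
    for path in paths:
        try:
            st = os.lstat(path)  # lstat: report on the link itself, not its target
        except OSError:
            continue  # missing or unreadable paths are skipped
        found = classify(st.st_mode, st.st_uid, st.st_gid, mail_gid)
        if found:
            report[path] = found
    return report

if __name__ == "__main__":
    import grp
    import sys
    try:
        mail_gid = grp.getgrnam("mail").gr_gid
    except KeyError:
        mail_gid = -1  # no "mail" group on this system
    # Usage (assumed): pass the paths of the mail binaries to check.
    for path, found in sorted(audit(sys.argv[1:], mail_gid).items()):
        print(f"{path}: {', '.join(found)}")
```
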

