Re: SOLVED: Exim and ASMTP
On Wed, Jul 24, 2002 at 08:48:46PM -0700, Paul Johnson wrote:
> OK, for those of you looking for closure on the whole exim, ASMTP,
> /etc/shadow ownership problem, the solution is in these two magical
> lines...
>
> exim_user=mail
> exim_group=shadow
Now that you call this post a closure on exim <-> ASMTP, i feel
obliged to chime in and point to the insecurity of this setup.
What you're basicly doing here is to hand over /etc/{g,}shadow to
exim. Granted, exim has only read access, but nonetheless this opens
the way for an intruther to steal your encrypted passwordd file and
try cracking them on his own machine.
Email handling is notorious feable and any shortcomming in it is
likely to be used to corrupt your system. That's why it's run by a
non priveliged user. Don't spoil that setup, but keep looking for
other ways to pass the info (not the encrypted passwd, but the result
of a password validation) to exim.
Exim being near perfect, there must be a better way to achieve what you need:)
--
groetjes, carel
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: