Re: Bug#92981: uw-imapd-ssl: can't use maildir format with uw-imap (fwd)
[I've gotten to the point of not knowing who said what.. so all
attributions are cut.]
> > > Or better, it requires that the delivery agent runs under uid of the user
> > > that owns the mailbox.
> >
> > But then the delivery agent has to start off running as root to fire
> > off an MDA with the user id of the user that owns the mailbox.
>
> Isn't it normal for an MTA to have root at that point, so that they can do
> use the -d option for procmail or maildrop?
Well, I think it sure would be nice for the delivery phase to be handled
while running as the user; if the MTA is running as roots and checks if
it is allowed to write to a file as a user, it is quite probably
vulnerable to a race condition: if the file is replaced by a symlink to
/etc/shadow or something similar between the time of check and the time
of use (TOCTTOU problems) files could be overwritten that should not be
overwritten.
If the MTA, running as root, drops its priveledges for the actual
delivery, it certainly could be a lot more secure than an MTA that runs
as root all the time, or runs sgid mail.
What this has to do with the policyness (nice new word :) of qmail or
other MTAs, well, I just don't know. <shrug> :)
--
Earthlink: The #1 provider of unsolicited bulk email to the Internet.
Reply to: