
Re: [exim4debian] Re: Debian-exim - blech!



On Mon, Sep 20, 2004 at 01:07:52PM +0200, Marc Haber wrote:
> On Mon, Sep 20, 2004 at 09:48:43AM +0100, Oliver Elphick wrote:
> > "mail" is and always has been a standard system account:
> 
> "mail" is also the account that owns the mail spool, hence all MUAs
> run sgid mail per policy. Running the MTA as mail as well would mean
> that the MTA's queue would have to belong to mail as well, giving MUAs
> read access to the MTA's queue, which is a significant security risk.

That's funny, none of the MUAs on my Debian systems are sgid mail, nor is
anything of the kind written in the Debian policy that I can see.

> > nor of files that exim4 did not install.
> 
> So we shouldn't purge the mail queue and hints database? Since policy
> requires a purged package to vanish without leaving any trace of its
> installation, that would be a policy violation.

Huh? There is no such policy. The policy defines "purge" as "removing
everything in its file list except conffiles", and since the
package's file list could not possibly contain files created post
installation, it cannot delete anything in the system mail directory.

-- 
  _   _   _   _   _   _   _   _   _   _   _   _   _  
 / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ 
( t | i | m | @ | i | t | . | k | p | t | . | c | c )
 \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ 
GPG key fingerprint = 1DEE CD9B 4808 F608 FBBF  DC21 2807 D7D3 09CA 85BF


