Re: [EXIM] queryprogram shell script?

Top Page
Delete this message
Reply to this message
Author: Dr Andrew C Aitchison
Date:  
To: djc
CC: exim-users
Subject: Re: [EXIM] queryprogram shell script?

> I wonder if I define "nobody" as UID 0 that would help...

I know that you said the machine has no users, and does't run anything
that could be insecure (OK you weren't quite that strong) but that would
be a great big security hole waiting to happen.
"nobody" is the least secure/trustworthy user on a machine. When/if
something is installed that *has* to allow in someone who shouldn't really
be allowed in, nobody is the account that is used. Anonymous ftp uses it on
systems which don't have an explicit ftp user. Exim uses it because it
doesn't trust the script, ...
While you know perfectly well that this machine doesn't have anything
insecure and that nobody is an alias for root, what happens if someone
else ever administers the machine ?
I am convinced that defining "nobody" as UID 0 is a security hole waiting
to happen.

Dr. Andrew C. Aitchison        Computer Officer, DPMMS, Cambridge
A.C.Aitchison@???    http://www.dpmms.cam.ac.uk/~werdna



--
*** Exim information can be found at http://www.exim.org/ ***