Re: [EXIM] queryprogram shell script?

Top Page
Delete this message
Reply to this message
Author: Dave C.
Date:  
To: Dr Andrew C Aitchison
CC: exim-users
Subject: Re: [EXIM] queryprogram shell script?


---------------------------------------------------------------------
David J. Chiodo \ Microwave Systems  \ Campbell Network Systems
 <djc@???> <davec@???>  \ 820 Monroe NW Ste 411
  Domain Administrator <dns@???>   \ Grand Rapids  MI 49503
   Customer Support <support@???>   \ 616-774-3131 <info@???>
Fax 616-774-3933    Tollfree 1-888-694-INET    http://www.cns.net



On Mon, 16 Mar 1998, Dr Andrew C Aitchison wrote:

> Date: Mon, 16 Mar 1998 13:57:02 +0000 (GMT)
> From: Dr Andrew C Aitchison <A.C.Aitchison@???>
> To: djc@???
> Cc: exim-users@???
> Subject: Re: [EXIM] queryprogram shell script?
>
>
> > I wonder if I define "nobody" as UID 0 that would help...
> I know that you said the machine has no users, and does't run anything
> that could be insecure (OK you weren't quite that strong) but that would
> be a great big security hole waiting to happen.
> "nobody" is the least secure/trustworthy user on a machine. When/if
> something is installed that *has* to allow in someone who shouldn't really
> be allowed in, nobody is the account that is used. Anonymous ftp uses it on
> systems which don't have an explicit ftp user. Exim uses it because it
> doesn't trust the script, ...
> While you know perfectly well that this machine doesn't have anything
> insecure and that nobody is an alias for root, what happens if someone
> else ever administers the machine ?
> I am convinced that defining "nobody" as UID 0 is a security hole waiting
> to happen.


I dont mean in the passwd file, I mean in the exim config file.

>
> Dr. Andrew C. Aitchison        Computer Officer, DPMMS, Cambridge
> A.C.Aitchison@???    http://www.dpmms.cam.ac.uk/~werdna

>
>
> --
> *** Exim information can be found at http://www.exim.org/ ***
>
>



--
*** Exim information can be found at http://www.exim.org/ ***