---------------------------------------------------------------------
David J. Chiodo \ Microwave Systems \ Campbell Network Systems
<djc@???> <davec@???> \ 820 Monroe NW Ste 411
Domain Administrator <dns@???> \ Grand Rapids MI 49503
Customer Support <support@???> \ 616-774-3131 <info@???>
Fax 616-774-3933 Tollfree 1-888-694-INET http://www.cns.net
On Mon, 16 Mar 1998, Dr Andrew C Aitchison wrote:
> Date: Mon, 16 Mar 1998 13:57:02 +0000 (GMT)
> From: Dr Andrew C Aitchison <A.C.Aitchison@???>
> To: djc@???
> Cc: exim-users@???
> Subject: Re: [EXIM] queryprogram shell script?
>
>
> > I wonder if I define "nobody" as UID 0 that would help...
> I know that you said the machine has no users, and doesn't run anything
> that could be insecure (OK you weren't quite that strong) but that would
> be a great big security hole waiting to happen.
> "nobody" is the least secure/trustworthy user on a machine. When/if
> something is installed that *has* to allow in someone who shouldn't really
> be allowed in, nobody is the account that is used. Anonymous ftp uses it on
> systems which don't have an explicit ftp user. Exim uses it because it
> doesn't trust the script, ...
> While you know perfectly well that this machine doesn't have anything
> insecure and that nobody is an alias for root, what happens if someone
> else ever administers the machine ?
> I am convinced that defining "nobody" as UID 0 is a security hole waiting
> to happen.
I don't mean in the passwd file, I mean in the exim config file.
>
> Dr. Andrew C. Aitchison Computer Officer, DPMMS, Cambridge
> A.C.Aitchison@??? http://www.dpmms.cam.ac.uk/~werdna
>
>
> --
> *** Exim information can be found at http://www.exim.org/ ***
>
>