In article <20011219214911.E5868B5@???>,
Greg A. Woods <woods@???> wrote:
> + the daemon will setuid(nobody:smail) and re-exec itself after it
> has a file descriptor already bound to port 25 (it will have to be
> started by root on most systems, of course)

On the INN mailing list someone suggested the following:

- let the non-privileged daemon create a socket and fork()
- the child exec()s a small setuid helper program
- that setuid helper program of course also inherits the socket fd
- the helper binds the socket to port 25 and exit()s

Now the main program has a socket bound to port 25..

>I may even forget the *.lock stuff since I know of no machine running
>any mailer any more that doesn't have at least some form of basic
>kernel-based advisory file locking.

If you want the users to be able to mount the spool over NFS
you *have* to use dotlocking. And you have to do it "right"
(like exim does it, using link(2)).
Mike.
--
"Don't worry about what anybody else is going to do ... The best way to
predict the future is to invent it." -- Alan Kay.
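
An added example, not part of the original post and not exim's code: a minimal sketch of link(2)-based dotlocking as the reply describes it, where a uniquely named file is hard-linked to the lock name and the link count decides who won. The function names and the temp-file naming scheme are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/utsname.h>
#include <unistd.h>

/* Try once to take <mailbox>.lock. Returns 0 if we now hold the lock,
 * -1 if someone else holds it or on error. Helper names are hypothetical. */
int dotlock_acquire(const char *mailbox)
{
    char lock[1024], tmp[1200];
    struct utsname un;
    struct stat st;
    int fd, got = -1;

    if (uname(&un) < 0)
        return -1;
    snprintf(lock, sizeof lock, "%s.lock", mailbox);
    /* Host + pid makes the temp name unique across NFS clients. */
    snprintf(tmp, sizeof tmp, "%s.%s.%ld", lock, un.nodename, (long)getpid());

    fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0)
        return -1;
    close(fd);

    /* Do not trust link()'s return value: over NFS a retransmitted request
     * can report EEXIST for a link that actually succeeded. */
    (void)link(tmp, lock);
    /* The link count of our own file is the ground truth. */
    if (stat(tmp, &st) == 0 && st.st_nlink == 2)
        got = 0;
    unlink(tmp);
    return got;
}

int dotlock_release(const char *mailbox)
{
    char lock[1024];
    snprintf(lock, sizeof lock, "%s.lock", mailbox);
    return unlink(lock);
}

int main(void)
{
    const char *mbox = "/tmp/example-mailbox";  /* constructed sample path */
    printf("first acquire:  %d\n", dotlock_acquire(mbox));
    printf("second acquire: %d\n", dotlock_acquire(mbox));
    return dotlock_release(mbox);
}
```

A real mailer would wrap the acquire call in a retry loop with a timeout and a policy for stale lock files, which this sketch leaves out.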