On Thu, 20 Dec 2001, Miquel van Smoorenburg wrote:
> On the INN mailing list someone suggested the following:
>
> - let the non-privileged daemon create a socket and fork()
> - the child exec()s a small setuid helper program
> - that setuid helper program of course also inherits the socket fd
> - the helper binds the socket to port 25 and exit()s
>
> Now the main program has a socket bound to port 25..

How does this make life more secure than:
- let the daemon program be privileged
- the daemon creates a socket and binds it to port 25
- the daemon obeys setuid() to give up the privilege
(which is what Exim does)? You also have the added complication of
controlling who may exec the helper.

> If you want the users to be able to mount the spool over NFS
> you *have* to use dotlocking.

That sentence is using the "alternative" meaning of "spool", that is
"directory containing users' mailboxes". It is not what Exim calls a
"spool", which is "the directory where Exim keeps messages in transit".
Given that interpretation, it's absolutely true, of course.

--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.