Re: [Exim] exim & intetd

Top Page
Delete this message
Reply to this message
Author: Tamas TEVESZ
Date:  
To: exim-users
Subject: Re: [Exim] exim & intetd
On Mon, 14 Jan 2002, Philip Hazel wrote:

> In fact, I propose to make the test "stdin is a socket and EITHER the
> port is privileged OR the caller is root or the Exim user".


i'm not really following the thread, but am i on a very wrong path
when i think this doesn't much make sense with the emerging of such
techniques as capabilities on linux ? (i think there have been
something like this on freebsd for quite some time). employing
capabilities, the administrator can grant certain processes/users the
privilege to bind to privileged ports even when the process is not
running as root. this just makes me think that making a distinction
based on "user is root and port is privileged" is a false path, at
least in this particular case. no ?

i don't have any better suggestions, though, so i'm going to duck...

--
[-]