Bryan Henderson wrote:
> this out. But the difference is that the piped-to transport program
> is a much simpler program, and the goal is to have the setuid flag on
> the smallest, simplest possible programs so as to avoid opening up a
> security hole due to human confusion.
and
> I have a program
> called "socketexec" that simply binds a socket and then execs a named
> program with it as Standard Input. Kind of like a junior inetd. A
> similar program sets uids and such and then execs a named program,
> passing on all open files.
and
> That's what I'm hoping a setuid (and possibly execute-permitted only
> to the exim group) piped-to program can accomplish.
Sound to me like you want to re-invent qmail, daemontools and
ucspi-tcp. Personally I've given up on using those for e-mail,
but if security outranks all other concerns by a few orders of
magnitude then why not. If you're not familiar with qmail, you
may want to check out "The big qmail picture":
http://www.nrg4u.com/qmail/the-big-qmail-picture-103-p1.gif
And few more links:
http://cr.yp.to/
http://www.qmail.org/
http://www.lifewithqmail.org/lwq.html
Bob