Auteur: W B Hacker Date: À: exim-users Sujet: Re: [exim] Recursive Lookups
Tony Finch wrote:
> On Tue, 4 Jul 2006, W B Hacker wrote:
>
>>Tony Finch wrote:
>>
>>>Not if you require that your users make the files globally readable.
>>
>>Is that easily done? And might we be creating a needless
>>security hole?
>
>
> Yes, it's easy, and it might be a privacy concern but it's unlikely to be
> a security problem.
>
>
>>STM that 'group' privs that Exim should have would be enough..
>
>
> Many systems don't allow you to give away ownership of files.
>
> Tony.
Exim being a member of the same 'group', and the files being
group-readable should take care of that. Even LCD WinWoes has
such capability.
Setting 'world readable' on forwarding/alias preferences in
itself should be harmless - after all, any incoming message from
any correspondent is expected to use the information, so it is
effectively 'public' in use even if not directly visible.
BUT - on Unix, if these pref files reside inside the structure
of the user's mailstore, be that a virtual-user Maildir or
somewhere in ~/home or ~/var, they have to have different
settings than the mask for the messages and their structure -
which we DON'T want to be 'world readable' at all.
Managing that difference properly (or not) is where the risk
lies, IMHO.