Re: [exim] Recursive Lookups

Page principale
Supprimer ce message
Répondre à ce message
Auteur: W B Hacker
Date:  
À: exim-users
Sujet: Re: [exim] Recursive Lookups
Tony Finch wrote:

> On Tue, 4 Jul 2006, W B Hacker wrote:
>
>>Tony Finch wrote:
>>
>>>Not if you require that your users make the files globally readable.
>>
>>Is that easily done? And might we be creating a needless
>>security hole?
>
>
> Yes, it's easy, and it might be a privacy concern but it's unlikely to be
> a security problem.
>
>
>>STM that 'group' privs that Exim should have would be enough..
>
>
> Many systems don't allow you to give away ownership of files.
>
> Tony.


Exim being a member of the same 'group', and the files being
group-readable should take care of that. Even LCD WinWoes has
such capability.

Setting 'world readable' on forwarding/alias preferences in
itself should be harmless - after all, any incoming message from
any correspondent is expected to use the information, so it is
effectively 'public' in use even if not directly visible.

BUT - on Unix, if these pref files reside inside the structure
of the user's mailstore, be that a virtual-user Maildir or
somewhere in ~/home or ~/var, they have to have different
settings than the mask for the messages and their structure -
which we DON'T want to be 'world readable' at all.

Managing that difference properly (or not) is where the risk
lies, IMHO.

Bill