DragonFly kernel List (threaded) for 2008-02
Re: dma user config
Matthew Dillon wrote:
Generally speaking you do not want to have per-user DMA configs at
all, it's just too big of a security risk.
Yes, I think we should cut on that front (for now).
What you could do is allow user extensions ala postfix style '.'
extensions to the target name. For example:
firstname.lastname@example.org <--- also routes to dillon
Where would you use this? I know that postfix does that for +. But
that's only for delivery, not for transport.
The per-user aliases file (~/.forward) can pipe to programs, which
means it really has to be run in the context of the user. DMA itself
does not have to run as root but you will need a local delivery
agent that either runs as root or is suid root.
Yes, that's a problem. I think we should get the current version in shape
and then think of a safe way to do it. I don't want to add local root
exploits via our new mailer.
Serve - BSD +++ RENT this banner advert +++ ASCII Ribbon /"\
Work - Mac +++ space for low €€€ NOW!1 +++ Campaign \ /
Party Enjoy Relax | http://dragonflybsd.org Against HTML \
Dude 2c 2 the max ! http://golden-apple.biz Mail + News / \