Re: dma user config

["Simon 'corecode' Schubert" <corecode@xxxxxxxxxxxx>]

Matthew Dillon wrote:
>      Generally speaking you do not want to have per-user DMA configs at 
>      all, it's just too big of a security risk.

Yes, I think we should cut on that front (for now).

>      What you could do is allow user extensions ala postfix style '.'
>      extensions to the target name.  For example:
>
>      dillon@backplane.com
>      dillon.fubar@backplane.com  <--- also routes to dillon

Where would you use this?  I know that postfix does that for +.  But 
that's only for delivery, not for transport.

>      The per-user aliases file (~/.forward) can pipe to programs, which
>      means it really has to be run in the context of the user.  DMA itself
>      does not have to run as root but you will need a local delivery
>      agent that either runs as root or is suid root.

Yes, that's a problem.  I think we should get the current version in shape 
and then think of a safe way to do it.  I don't want to add local root 
exploits via our new mailer.

cheers
  simon

--
Serve - BSD     +++  RENT this banner advert  +++    ASCII Ribbon   /"\
Work - Mac      +++  space for low €€€ NOW!1  +++      Campaign     \ /
Party Enjoy Relax   |   http://dragonflybsd.org      Against  HTML   \
Dude 2c 2 the max   !   http://golden-apple.biz       Mail + News   / \