On Tue, Jan 09, 2007 at 12:59:35AM +0000, Reuben Thomas wrote:
> >And then someone files a bug saying they made it setuid but now it's
> >completely open to the world... what do I do then? :)
> 
> This is the way that procmail works, and it's hardly "open to the world", 
> it's just more susceptible to bugs.

It's actually a bit fuzzy to me. Why should any user be able to deliver
e-mail to another user using only the MDA? A really simple reason against it
is when the other user uses an MTA-side mechanism to redirect their mail
elsewhere (~user/.forward?), and so mails don't necessarily reach the user
just because the MDA made a delivery where it thought it should.

Maildrop avoids that issue by making it so that only known privileged users
are able to invoke it in order to deliver to others. If someone goes to that
much length to run it privileged, then they probably have some authority
over other users. If not, revert to using MTAs (who may then invoke MDAs)
to start mail delivery; it's common for MTAs to know what they're doing,
the MDAs are their bell-hops :)

> >Well, for that matter, most users don't need an MTA to begin with. It
> >sounds like you want it (esmtp) in order to get the standard
> >/usr/sbin/sendmail interface, but on the other hand, for most users that
> >whole thing is just another piece of overhead.
> 
> That's not quite true: a lot of other packages require this interface that 
> have nothing to do with sending internet mail, typically administration 
> packages like cron-apt and logwatch that want to notify the administrator 
> of certain events. email is the obvious way to do this, and the 
> /usr/lib/sendmail interface the obvious way to send mail, as it requires 
> only the ability to send text to a command. These are the sorts of package 
> that a user might well want to run on a personal machine: they keep the 
> machine up to date and monitor for possible security breaches and hardware 
> failure (e.g. smartctl). This is hardly sysadmin or esoteric territory.

That's just because we are basically using an old Unixoid interface on
personal machines. We could just as well have other provisions for these
kinds of things. In fact, we probably *should*, because it's not necessarily
an effective notification interface in this setting - at least I've yet to
see a desktop Linux user who actually reads their $MAIL. They just use an MUA
that connects to outside mail accounts.

-- 
     2. That which causes joy or happiness.

