On Tue, Mar 18, 2008 at 11:53:29AM +0100, Raphael Hertzog wrote:
> On Tue, 18 Mar 2008, Josip Rodin wrote:
> > Or they don't use root at all for the MDA, instead setuid'ing to the user
> > itself. See also #405584.
>
> If you didn't had to setuid to the user, you wouldn't need to be root in
> the first place. That's what Russ is explaining you. And an IMAP/POP daemon
> running without root privilege might be preferable.

parse error :) but yes. I can see the theoretical advantage, yes, but do we
have this in practice? It doesn't look like it. Dovecot, UW i{map,pop}d and
Courier all seem to 'log in' as the user by doing something like
setuid(getuid()), and use the mail group only to get dot-lock capability in
/var/mail.

Is there any other relevant mail software that needs to be checked?

-- 
     2. That which causes joy or happiness.
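
The 'log in as the user' step discussed in the message above, as an added C example that is not part of the original thread and not taken from Dovecot, UW or Courier. The helper name `drop_to_user` and its `lock_gid` parameter (standing in for the gid of the mail group) are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes setgroups() in glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: become `uid` for good, keeping `lock_gid` (for
 * example the gid of group "mail") as the only supplementary group, so the
 * process can still create dot-locks in /var/mail.
 * Returns 0 on success, -1 if a step fails or the drop is reversible. */
int drop_to_user(uid_t uid, gid_t gid, gid_t lock_gid)
{
    /* Only root may rewrite the supplementary group list, so this has to
     * happen before setuid(), while the privilege is still there. */
    if (geteuid() == 0 && setgroups(1, &lock_gid) != 0)
        return -1;
    /* Group before user: after setuid() to a non-root uid, setgid() to an
     * arbitrary group would be refused. */
    if (setgid(gid) != 0)
        return -1;
    /* Called as root, setuid() sets real, effective and saved uid at once. */
    if (setuid(uid) != 0)
        return -1;
    /* Verify the resulting ids instead of trusting the return codes. */
    if (getuid() != uid || geteuid() != uid)
        return -1;
    if (getgid() != gid || getegid() != gid)
        return -1;
    /* A non-root result must not be able to get root back. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed demo: "drop" to the ids the process already has, which
     * works unprivileged and still exercises the verification steps. */
    if (drop_to_user(getuid(), getgid(), getgid()) != 0) {
        perror("drop_to_user");
        return 1;
    }
    printf("uid=%ld gid=%ld, root not recoverable\n",
           (long)getuid(), (long)getgid());
    return 0;
}
```

A daemon started as root would call this with the mailbox owner's uid and gid before touching any user-controlled file.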