Harald,
Thank you for your reply to my message:
>> These sorts of things are less common on the more heterogeneous
>> Unix world, but Unix mailers are just as culpable. If I wanted to
>> be consistent, I would demand that anything I run on Unix (without
>> a special permitted shell) which connects to port 25 should be
>> intercepted, wrapped with an "ok queued" SMTP response, and
>> forwarded to me instead. Would anyone argue that isn't reasonable?
>
> Yes, but only because I have 15 different programs that more or less
> indirectly invoke /usr/sbin/sendmail for various reasons.
> Most of them are tools invoked from cron.
As long as your OS looks at an enviroment-based path for the shared
net library, you can replace those in standard locations with the
wrapped versions, and prepend their new location to the head of your
trusted programs' loader's path.
> In a fine-grained capabilities control system, I'd have the "send email" as
> one access control descriptor I could grant these programs.
> But that's not been implemented in any widespread system I know of.
Are there even cross-platform specs yet?
Cheers,
James
--
IMS Q&TI Editor project description: http://www.bovik.org/imsqtied.html
Open-source development: http://sourceforge.net/project/?group_id=3308
