Josip Rodin writes:
On Tue, Sep 05, 2006 at 07:40:34PM -0400, Sam Varshavchik wrote:> If we had another option for $HOME, that would > probably fix everything for those people who want it. > Perhaps -H?-D is only available in the version of maildrop that's compiled in the Courier package, and is not enabled in the standalone version of maildrop.Yes, I know. I was just saying that -D is taken.These options carry certain security implications that I am not comfortable with. If you know what you're doing, you can easily patch maildrop yourself, but I don't want to accept the onus of something like this on my shoulders, and end up wearing egg on my face.I'm not saying you should enable -D always, I'm saying you could add -H which makes it chdir to the specified directory as $HOME. Maybe also setenv(). That and only that. Do you understand the request now?
I understand exactly what you're saying. If this option becomes available, people are going to use it. And they will use it without fully understanding the security implications, and no amount of stern warnings in the README is going to change that. I have experience to show that.
pgpoPGuMnBa4x.pgp
Description: PGP signature
