On Mon, Jan 08, 2007 at 07:43:41PM +0000, Reuben Thomas wrote:
> >Well, the solution to this is to have esmtp run that command either
> >as the user root, daemon or mail (the trusted users), or not use -d.
> >Can you do either of these?
>
> I can't do either of those. I can't make esmtp run the command as root,
> because it itself is not setuid, and sendmail is just an alias for esmtp.
> If I don't use -d to maildrop, then maildrop thinks it's delivering to
> root, and so just fork-bombs.
>
> The problem here seems to be that esmtp has no daemon running as root, and
> the way you're expecting me to use it requires some part of the MDA to be
> root, unless I misunderstand.

It's basically a security feature in maildrop - to go on and do something
that requires root privileges (change uid and write to other users' files),
you have to be a 'trusted user'. If you want to circumvent this, you have to
change the source and recompile without this restriction.

Restricting -d to trusted users has been the default for as long as I can
remember. Tracking back old versions, I can confirm that it's been done
since at least six years ago. It's a pretty sane default and changing it
would be a mistake IMHO.

Anyway, this doesn't generally happen with normal MTAs, only with esmtp
which is trying to be an MTA, but it really isn't much of it...

-- 
2. That which causes joy or happiness.