On Tue, Jan 09, 2007 at 12:27:58AM +0000, Reuben Thomas wrote:
> I agree that use with esmtp is a minority case. The one reason I think
> changing this default might be reasonable is precisely because maildrop is
> not shipped setuid root in Debian, so its behaviour when setuid root could
> arguably be looser.

And then someone files a bug saying they made it setuid but now it's
completely open to the world... what do I do then? :)

(Any suggestion what to do with this bug? close? wontfix?)

> One last security point: using esmtp rather than a full-blown MTA is a big 
> security win anyway: no setuid binaries, and much less code in which to 
> find security bugs. Most users don't want or need a full MTA anyway, and I 
> think for these reasons it's nice to make it easier to avoid.

Well, for that matter, most users don't need an MTA to begin with. It sounds
like you want it (esmtp) in order to get the standard /usr/sbin/sendmail
interface, but on the other hand, for most users that whole thing is just
another piece of overhead.

-- 
     2. That which causes joy or happiness.

