|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Postfix + cyrus a-la RPM
From: Matthias Andree (ma
dt.e-technik.uni-dortmund.de)Date: Tue May 02 2000 - 19:35:41 CDT
- Next message: Simon J Mudd: "Re: Postfix configuration"
- Previous message: Matthias Andree: "Re: Postfix vs other MTA's"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Darren Nickerson <darrendazza.org> writes:
> Why redhat took this approach I'm still trying to figure out. They do
> compensate by installing that wrapper, but it's still an added level of
> complexity.
You don't let your mailers' binaries have the same owner as the mailer's
actively used owner to prevent tampering with the mailer's programs
should it be compromised while it's an unprivileged user such as
cyrus. If there is a (non-root) overflow that can be exploited, you
still cannot replace the files if they belong to root or bin and are
mode 644.
-- Matthias AndreeWhere do you think you're going today?
- Next message: Simon J Mudd: "Re: Postfix configuration"
- Previous message: Matthias Andree: "Re: Postfix vs other MTA's"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]