 
From: Alex van den Bogaerdt (alex_at_ergens.op.HET.NET)
Date: Wed Jul 24 2002 - 14:20:05 CDT


    Thomas -Balu- Walter wrote:

    > marked with "^" is the admin's job. The other part is postfix's (local
    > delivery agent to be precise). Which it does nicely here.

    It is a nice explanation technically speaking. However, it doesn't
    help me to protect my system from mistakes. Thanks anyway.

    > > Why are you so aggressive about this stuff? Is it too much to ask
    > > for a decent, polite answer? Like I said before: I want to help.
    > > Your attitude doesn't contribute to the program.
    >
    > If you'd be asked the same question every week and always have to return
    > the same answer, wouldn't you be "aggressive" too?

    Actually I do get asked these kinds of questions each day.
    Not as many perhaps, but that shouldn't matter too much.

    It does happen, sometimes, that I get one too many. Usually I stop
    replying for a while and try hard to refrain from answering those
    RTFM questions when they're asked again and again. Sometimes I
    write "RTFM, see there --->". And yes, I'm sure examples can be
    found that provide evidence of the contrary so don't even bother
    to look for them. I know.

    However this situation is different. I try very hard to understand
    *why* something is a problem. I ask this question, and I expect
    to get:
    a) no answer at all. Would be unfortunate but alas, it happens
    b) a pointer to some relevant docs
    c) an explanation
    d) a real discussion

    I do not expect to get answers like I was given on this list (except
    for a few). They are not informative, do not contribute to the discussion,
    do not contribute to a solution and are from time to time abusive.

    One important part of making a system secure is to cover user errors.
    I am human and thus I make mistakes. When *I* make a mistake, I do
    not want to harm *my users*. This is why I could use auto-generated
    maildirs. Security is not *only* making the system hacker proof, it
    is also about continuity.

    I do not "want" something, I'm trying to see if there's a way to
    >provide< something that we all can live with. All meaning all,
    including the security experts. This of course can be done only
    when it is known what is acceptable.

    So far I was told that if there's a safe way to patch the program,
    I may contribute such a patch. Fine, I want to do that so I ask
    what the big problem is.

    I understand there is *some* issue with creating directories. I do
    not understand why it is a problem if a secure program (such as postfix)
    creates a directory in a secure location (such as /var/spool/mail,
    provided the permissions are right).

    Up to now, I don't even know *if* there actually is a problem with
    creating directories as described in the previous line. An easy
    *and* normal response would be "this is unsafe, see .....".

    Another approach could be to actually prove that there is no problem
    in creating directories as described earlier. This is a mathematical
    approach. With the combined knowledge of this list, this may be
    possible to achieve. I tried to start this approach in one of my
    previous posts today. If the directory is writable only by a trusted
    account, I consider this to be a safe directory. It should be safe
    to create a directory in such a parent. If we all agree on that,
    the only task left to do is to prove the parent is safe. If someone
    disagrees, I would very much appreciate the *why* so that I can
    learn from it.

    cheers,
    Alex
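The premise in the last paragraph of the post above (a parent directory writable only by a trusted account is safe, so the remaining task is to verify the parent) can be turned into a concrete check. This is an added example, not Postfix code and not from any poster on this thread; the function names, the 0700 mode and the "owner must be the trusted uid, no group/other write bit" rule are my assumptions about what "permissions are right" means.

```c
#define _GNU_SOURCE
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Premise from the post: a directory writable only by a trusted account is safe.
 * Verify exactly that: it exists, is a real directory (not a symlink), is owned
 * by trusted_uid, and is not writable by group or others. Returns 1 if safe. */
int parent_is_safe(const char *parent, uid_t trusted_uid)
{
    struct stat st;
    if (lstat(parent, &st) != 0) return 0;          /* lstat: a symlink in its place fails */
    if (!S_ISDIR(st.st_mode)) return 0;
    if (st.st_uid != trusted_uid) return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return 0;  /* a 1777 spool directory fails here */
    return 1;
}

/* Create parent/name (mode 0700, assumed) only if the parent passed the check above.
 * mkdir(2) does not follow a symlink in the last component and fails with EEXIST
 * if anything is already there, so a pre-existing entry is never silently reused.
 * After creation, lstat again to confirm we got a directory owned by ourselves.
 * Returns 0 on success, -1 on any failure. */
int create_maildir_safely(const char *parent, const char *name, uid_t trusted_uid)
{
    char path[PATH_MAX];
    struct stat st;

    if (!parent_is_safe(parent, trusted_uid)) return -1;
    /* name must be a single path component: non-empty, no '/', not "." or ".." */
    if (name[0] == '\0' || strchr(name, '/') != NULL ||
        strcmp(name, ".") == 0 || strcmp(name, "..") == 0) return -1;
    if (snprintf(path, sizeof path, "%s/%s", parent, name) >= (int)sizeof path) return -1;
    if (mkdir(path, 0700) != 0) return -1;           /* EEXIST, EACCES, ... */
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode) || st.st_uid != geteuid()) {
        rmdir(path);                                 /* not what we expected: undo */
        return -1;
    }
    return 0;
}
```

A delivery agent would call create_maildir_safely("/var/spool/mail", user, spool_owner_uid); the check deliberately refuses the common world-writable sticky spool, which is the case the thread is arguing about.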