Re: allow_min_user

From: Wietse Venema (wietseporcupine.org)
Date: Mon Aug 02 2004 - 13:53:46 CDT


Andy Thompson:
> > What about:
> >
> > By default, this is not allowed, to avoid accidents with software
> > that passes email addresses via the command line. Such software
> > would not be able to distinguish a malicious address from a
> > bona fide command-line option.
> >
> > I know that you can prevent this from happening by putting a "--"
> > option into the command line, but I would not bet my life on it
> > that everyone would follow such advice.
>
> That makes sense.

I have updated the text.

> So in your opinion, on a system such as mine with no local users, web
> scripts, et al where I have complete control over what is run on the
> box, is this a pretty low risk option to enable?

Consider the following: does your machine communicate (email) with
other systems? How will those systems respond to addresses beginning
with a '-' character? Maybe it triggers a bug, and maybe it hits
a defensive Postfix box.

        Wietse
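
The ambiguity discussed in this thread, as an added example that is not part of the original messages: a constructed stand-in for a mail submission command line (parsed with Python's `getopt`, not Postfix's own code) shows a recipient beginning with '-' being read as an option, the same address surviving once "--" precedes it, and a default-deny check on the leading character. The `-f` option, the function names and the addresses are assumptions made for the illustration.

```python
import getopt

def parse_mailer_args(argv):
    """Constructed stand-in for a mail submission CLI: -f SENDER, then recipients."""
    opts, recipients = getopt.getopt(argv, "f:")
    sender = None
    for flag, value in opts:
        if flag == "-f":
            sender = value  # the last -f seen wins, as in a typical getopt loop
    return sender, recipients

def build_argv_naive(sender, recipients):
    # Addresses are appended directly, so a leading '-' is parsed as an option.
    return ["-f", sender] + list(recipients)

def build_argv_with_separator(sender, recipients):
    # "--" ends option parsing; everything after it is treated as an operand.
    return ["-f", sender, "--"] + list(recipients)

def starts_with_minus(address):
    """Default-deny check: refuse any address whose first character is '-'."""
    return address.startswith("-")

# Constructed sample values, not taken from the thread.
SENDER = "webform@example.com"
RCPT = "-fsomeone@example.net"

def demo():
    naive = parse_mailer_args(build_argv_naive(SENDER, [RCPT]))
    separated = parse_mailer_args(build_argv_with_separator(SENDER, [RCPT]))
    return naive, separated

if __name__ == "__main__":
    naive, separated = demo()
    print("without '--':", naive)      # sender replaced, no recipient left
    print("with '--':   ", separated)  # sender intact, address kept as operand
    print("refused by default-deny check:", starts_with_minus(RCPT))
```

The separator only helps where every caller remembers to add it; the leading-character check runs at the receiving side regardless of how the address arrived.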