Matthias Schmidt wrote:
 > Max Lindner wrote:
 > > In order to read a users .forward file, the dma-process must be
 > > run as root, so it must be set setuid root. This would solve the
 > > problem which I read at the mailinglist the last week, where it
 > > was not possible to write a mail from non-root to non-root ootb.
 > 
 > If all stuff is careful written, I'm fine with dma setuid root,
 > but IIRC someone (Simon? Matt?) mentioned that they would prefer
 > another mechanism ...

Another possibility would be to use privilege separation.
That means that the normal dma process would run as an
unpriviledged user.  Only when special privileges are
required (such as reading a .forward file), a setuid root
binary will be called by the dma process.  This binary
should do nothing else, so it is very small and easy to
audit for security.

Alternatively you can use a daemon that runs as root, and
define a protocol through which the unprivileged dma
process can communicate with it in order to let it perform
the operations that require special privileges.

Personally I would prefer the first solution, because the
code running as root is probably smaller and simpler.
But YMMV.

Just my 2 cents ...

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606,  Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
chen, HRB 125758,  Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD-Dienstleistungen, -Produkte und mehr:  http://www.secnetix.de/bsd