Re: [OFFTOPIC] Re: [PATCH] Single user linux

From: Alan Cox (alan@lxorguk.ukuu.org.uk)
Date: Tue Apr 24 2001 - 09:59:28 EST


> > Copying spool articles matching the peercred to the client does not
>
> Running procmail as the user who is to receive the email for local mail
> delivery as running it with gid mail (for eg) would allow one user to
> modify another's mail.

What is this gid mail crap? You don't need privilege. You get the mail by
asking the daemon for it. procmail needs no privilege either if it is done
right.

You just need to think about the security models in the right way. Linux gives
you the ability to do authenticated uid/gid checking over a socket connection.
That is an incredibly powerful model for real compartmentalisation.

Alan
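
The model described in the message above, as an added example that is not part of the original post: a daemon hands out spool entries based only on the uid the kernel reports for the peer (SO_PEERCRED on an AF_UNIX socket), so neither side needs gid mail. The in-memory spool, the "FETCH" request format and the function names are assumptions made for illustration; Linux only.

```python
import os
import socket
import struct

UCRED = "iII"  # struct ucred { pid_t pid; uid_t uid; gid_t gid; }


def peer_credentials(conn):
    """Return (pid, uid, gid) of the process at the other end of an AF_UNIX socket.

    The kernel records these when the connection is made, so the client
    cannot forge them.
    """
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize(UCRED))
    return struct.unpack(UCRED, raw)


def serve_one(conn, spool):
    """Daemon side: answer one request using only the kernel-verified uid."""
    _pid, uid, _gid = peer_credentials(conn)
    conn.recv(256)  # read the request; any uid named in it is ignored
    messages = spool.get(uid, [])
    conn.sendall(("\n".join(messages) + "\n").encode())
    return uid


def demo():
    """Client claims to be another user; daemon still serves the real uid's mail."""
    me = os.getuid()
    other = me + 1  # constructed: stands in for a different user's uid
    # Constructed sample spool (hypothetical layout: uid -> list of messages).
    spool = {me: ["msg for me"], other: ["msg for someone else"]}
    daemon_end, client_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with daemon_end, client_end:
        # Hypothetical request format; the uid in it is a lie.
        client_end.sendall(f"FETCH {other}\n".encode())
        served_uid = serve_one(daemon_end, spool)
        reply = client_end.recv(4096).decode().splitlines()
    return served_uid, reply


if __name__ == "__main__":
    print(demo())
```

In a real daemon the same `peer_credentials` call would be made on each socket returned by `accept()` on a listening AF_UNIX socket.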




This archive was generated by hypermail 2b29 : Mon Apr 30 2001 - 21:00:11 EST