Chris Lightfoot chris@xxxxxxxxxxxxx
Wed, 29 Aug 2001 11:09:11 +0100

On Wed, Aug 29, 2001 at 11:02:14AM +0100, Paul Warren wrote:
> On Wed, Aug 29, 2001 at 10:38:53AM +0100, Chris Lightfoot wrote:
    [WU imapd and virtual domains mailspools]
> > [Thinks....] This particular security problem is easy to
> > solve if we require that user foo@example.com's mail goes
> > in the directory /var/spool/mail/SERVERS/example.com/foo/;
> > then we can (modulo some subtleties) use chroot and
> > assume, pretty much, that everything will be safe. (It's
> > easy to break out of a chroot if you are the superuser,
> > hard otherwise.) But this is wildly ugly.
> I'm not sure that it's all that ugly...

I meant from the perspective that `here, we have a large
and probably imperfectly working piece of code; rather
than fixing it, or even characterising its brokenness, we
are going to use a feature of our operating system to
protect ourselves from its worst effects'. Compare with,
for instance, `structured exception handling' (the C, not
the C++ kind) in Win32.

