auid

Russell Coker russell at coker.com.au
Fri Feb 10 14:10:48 UTC 2006


On Friday 10 February 2006 08:26, Steve G <linux_4ever at yahoo.com> wrote:
> >Also every other mail server including Sendmail.
>
> Are they modified to set loginuid?

No, currently only Postfix.

> >The Postfix code supports multiple deliveries initiated from the one local
> >process and I wrote code to reset the auid for this.  This is one thing
> > that I think is a bad idea, in fact I'll suggest to Wietse that Postfix
> > be changed to only have one delivery per instance of the local process,
> > fork() is cheap by any measure and particularly when compared to all the
> > synchronous disk IO that occurs when a mail server is doing delivery.
>
> The only issue is to make sure that when it does any processing of .files
> on behalf of a user, the loginuid is set for that user during the
> processing of the script. After that, postfix should go back to its
> original loginuid.

Postfix is designed with a number of cooperating processes that perform 
different parts of the MTA operation.  The process named "local" does local
delivery; it currently may do multiple deliveries in one run, but it should
be easy enough to modify it to do only one delivery every time it's 
executed/forked and therefore remove the need for it to reset the auid.

> >Does procmail really need this?
>
> For situations where there is no mail server installed and cron jobs need
> to deliver the mail. If there's a way to avoid procmail when there's no
> postfix installed, then we don't need it.

How do you do this?  I guess you have some sort of -m option to crond.

> >As for Sendmail, one program which does EVERYTHING including the ability
> > to reset auid.
>
> Is sendmail modified?

Not yet.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
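
The one-delivery-per-process design discussed in the message above, sketched as an added example (not part of the original message and not Postfix code). The names set_loginuid and deliver_one are hypothetical, and the loginuid path is passed as a parameter so the logic can be exercised without audit privileges.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Record the audit login uid. On Linux the file is /proc/self/loginuid and
 * writing it normally needs CAP_AUDIT_CONTROL; the path is a parameter here
 * (an assumption of this example) so the logic can be run unprivileged. */
int set_loginuid(const char *path, uid_t uid)
{
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return -1;
    int ok = fprintf(f, "%lu", (unsigned long)uid) > 0;
    return (fclose(f) == 0 && ok) ? 0 : -1;
}

/* Hypothetical one-delivery-per-process helper: the child sets the auid once
 * and exits, so the long-lived parent never has an auid to reset.
 * Returns the child's exit code (0 ok, 2 auid not set) or -1 on error. */
int deliver_one(const char *loginuid_path, uid_t recipient)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (set_loginuid(loginuid_path, recipient) != 0)
            _exit(2); /* fail closed: no user-file processing without attribution */
        /* real code: drop privileges to the recipient, process their files, deliver */
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Each recipient gets its own child; the parent's auid is never touched. */
    printf("exit code %d\n", deliver_one("/proc/self/loginuid", getuid()));
    return 0;
}
```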



