Re: dma user config

[Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx>]

:Where would you use this?  I know that postfix does that for +.  But=20
:that's only for delivery, not for transport.

    '+' is what I meant.  The main thing is that it 'survives' transport.
    That is, insofar as any remote transport is concerned, fubar+1 and
    fubar+2 are distinct mail addresses.  So it can be used to 'tag'
    a mailing address.

    For example, when you buy something on the internet you can use
    username+blah@your.host and then know who gave your email address
    away when you get spammed.   Similarly for a mailing list you
    can tell how your address was harvested.

    Another example is the use of unique identifiers which are associated
    with a database and a timeout, creating 'limited use' mail addresses
    for which any incoming mail after the timeout is either thrown away
    or run through a verification scheme.

    And other possibilities.

:Yes, that's a problem.  I think we should get the current version in shap=
:e=20
:and then think of a safe way to do it.  I don't want to add local root=20
:exploits via our new mailer.
:
:cheers
:   simon

    It can be safely done if you fork a process that is already running as
    root, detach it from the original root process except for a pipe, and
    then assume an identity for the remainder of the life of the child
    process.

    It is far less safe if you allow the user to exec a suid program.  I
    really hate SUID binaries and would recommend against them.  A mail
    front-end, for example, should connect to a service already running
    as root and NOT itself be a SUID binary.

    If I were to give advise here, it would be 'don't worry about the
    peformance cost of doing a fork()'.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>