Delivery of e-mail to the superuser's account [was: Re: [plug] fetchmail]
Nick Bannon
nick at ucc.gu.uwa.edu.au
Wed Apr 7 17:43:10 WST 2004
On Wed, Apr 07, 2004 at 05:14:35PM +0800, James Devenish wrote:
> Are there any references for this? I know that in Linux circles root
> deliveries are frowned upon, but it's one of those deprecations that
> that I've always ignored because it's so prevalent in existing systems
> (e.g. existing sendmail installations). While refusing to deliver to
[...]
It's standard practice with sendmail, and most other MTAs, to alias
root to the actual list of postmasters'/sysadmins' preferred addresses
to handle that mail.
By deprecating direct delivery to the root account, you more
importantly deprecate the unnecessary _reading_ of mail by the root
account. No big, hard-to-audit, buffer-overflow-containing MUAs running
as root. Noone leaving mail/mutt/evolution (!) running in a root
session just to watch for new mail, rather than an emphemeral su or
sudo. No extensive mail filtering done during delivery as the root
user. Noone typing the root password into POP...
Nick.
--
Nick Bannon | "I made this letter longer than usual because
nick-sig at rcpt.to | I lack the time to make it shorter." - Pascal
More information about the plug
mailing list