Delivery of e-mail to the superuser's account [was: Re: [plug] fetchmail]

James Devenish devenish at guild.uwa.edu.au
Wed Apr 7 18:03:38 WST 2004


On Wednesday 07 April 2004 17:14, James Devenish wrote:
> In message <1081327142.2404.212.camel at latte.internal.itmaze.com.au>
> on Wed, Apr 07, 2004 at 06:39:03PM +1000, Onno Benschop wrote:
> > The only comment I'd have is that you're delivering mail to root - bad!
> Are there any references for this?

In message <200404071727.51959 at death.2.spammers>
on Wed, Apr 07, 2004 at 05:27:51PM +0800, Bernd Felsche wrote:
> Root will have to read the email. Which exposes that user to setting
> off a "bomb", resulting in possible system destruction.

This seems like a bit of an artificial argument -- while you're quite
right that I could bump up against a vulnerability in `less` or `mutt`
or any MIME helper app, all root usage carries an equivalent risk.

> Redirect email to the administrator's real user account(s).

I can understand this being the preferred option for many people,
but it still sounds entirely discretionary to me.

> Which is another reason why the local MTA should be used for delivery
> because it uses the alias table.

(You've lost me, now.)

In message <1081330299.2404.224.camel at latte.internal.itmaze.com.au>
on Wed, Apr 07, 2004 at 07:31:40PM +1000, Onno Benschop wrote:
> Firstly, the root home directory in which the mailbox exists is likely
> to be in the root partition. So sending a big message to root can fill
> up your root partition and bad things happen - of course I am assuming a
> lot of defaults here...

Okay, that is an interesting point from the perspective of default
installations. And of course the root user can consume the last fraction
of space that is reserved by the filesystem. I'll remember that.

Because you are often very thorough in your explanations, your mere
statement of "bad" caught me by surprise.

> The second problem is that of retrieval of the mail. Most users will POP
> their mail, so if you were to do this as a root user, your root password
> would go across the wire in clear-text.

Well, admins can abuse any network protocol in that way. I can
understand OS vendors wanting to protect users from themselves, so now
I understand the deprecation. Still, it seems like a discretionary issue
to me.
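
The alias-table redirection suggested in the quoted replies can be checked mechanically. The following is an added example, not part of the original message: it parses aliases(5)-style text and reports where mail addressed to root finally lands. The sample table and the function names are constructed for illustration, and quoted targets containing commas are not handled.

```python
# Constructed sample of an /etc/aliases-style table (not taken from the thread).
SAMPLE_ALIASES = """\
# system accounts funnel into root
postmaster: root
daemon:     root
root:       admins
admins:     alice,
            bob@example.org
"""

def parse_aliases(text):
    """Return {alias: [targets]} from aliases(5)-style text."""
    table, logical = {}, []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank line or comment
        if raw[0] in " \t" and logical:       # leading whitespace: continuation
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    for line in logical:
        name, sep, rhs = line.partition(":")
        if sep:
            table[name.strip().lower()] = [t.strip() for t in rhs.split(",") if t.strip()]
    return table

def resolve(table, name, path=frozenset()):
    """Expand an alias transitively; a name with no entry is a final recipient.
    A name that refers back to itself on the current path is treated as final."""
    key = name.lower()
    if key not in table or key in path:
        return {name}
    final = set()
    for target in table[key]:
        final |= resolve(table, target, path | {key})
    return final

def root_mail_audit(text):
    """Return (final recipients of root's mail, True if any is still root)."""
    recipients = resolve(parse_aliases(text), "root")
    return recipients, "root" in {r.lower() for r in recipients}

if __name__ == "__main__":
    recipients, lands_on_root = root_mail_audit(SAMPLE_ALIASES)
    print("root mail goes to:", sorted(recipients))
    print("still delivered to root's own mailbox:", lands_on_root)
```
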
