ietf
[Top] [All Lists]

Re: mail sandbox wall authority, inward and outbound

2000-05-12 16:50:04
Harald,

Thank you for your reply to my message:

These sorts of things are less common on the more heterogeneous
Unix world, but Unix mailers are just as culpable.  If I wanted to
be consistent, I would demand that anything I run on Unix (without
a special permitted shell) which connects to port 25 should be
intercepted, wrapped with an "ok queued" SMTP response, and
forwarded to me instead.  Would anyone argue that isn't reasonable?

Yes, but only because I have 15 different programs that more or less 
indirectly invoke /usr/sbin/sendmail for various reasons.
Most of them are tools invoked from cron.

As long as your OS looks at an enviroment-based path for the shared 
net library, you can replace those in standard locations with the 
wrapped versions, and prepend their new location to the head of your 
trusted programs' loader's path. 

In a fine-grained capabilities control system, I'd have the "send email" as 
one access control descriptor I could grant these programs.
But that's not been implemented in any widespread system I know of.

Are there even cross-platform specs yet?

Cheers,
James

-- 
IMS Q&TI Editor project description: http://www.bovik.org/imsqtied.html
Open-source development:  http://sourceforge.net/project/?group_id=3308