[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vps-mail] Allow User Rules in SA

Subject: Re: [vps-mail] Allow User Rules in SA
From: Scott Wiersdorf <scottw@xxxxxxxxxxxx>
Date: Fri, 16 Dec 2005 09:05:26 -0700

On Fri, Dec 16, 2005 at 10:51:30AM -0500, Jim Smith wrote:
> 
> My question is whether there is a way to protect my server from users
> "gaining root level access" by allowing this. The warning gives a glimmer of
> hope when it says not to enable it "unless you have some other way of
> ensuring that users' tests are safe". I'm not that skilled in security
> issues and am wondering if others might have some suggestions for still
> utilizing customized rules without creating a security hole.

Getting root would have to be a deliberate attempt by a user. I.e., it
won't happen by accident. If you trust your users, I'd go ahead and
enable it so they can do what they need to.

A safer alternative would be to put the same specific patterns (e.g.,
mortgage ok, porn not ok) that they'd put in the spamassassin rules
and make a procmail rule out of it (this list can help with that). No
security compromises that way, and it runs much faster and more
efficiently than spamassassin (i.e., ham and spam will be identified
earlier and less expensively).

Scott
-- 
Scott Wiersdorf
scottw@xxxxxxxxxxxx
======================================================================
This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).

Follow-Ups:
- RE: [vps-mail] Allow User Rules in SA
  - From: Jim Smith

References:
- [vps-mail] Allow User Rules in SA
  - From: Jim Smith

Prev by Date: [vps-mail] Allow User Rules in SA
Next by Date: RE: [vps-mail] Allow User Rules in SA
Previous by thread: [vps-mail] Allow User Rules in SA
Next by thread: RE: [vps-mail] Allow User Rules in SA
Index(es):
- Date
- Thread

Main Index | Thread Index