Exim support in 4.10-1

Tony Finch dot at DOTAT.AT
Wed Dec 4 14:39:47 GMT 2002


Julian Field <mailscanner at ECS.SOTON.AC.UK> wrote:
>
>You will need to make the config files owned by (or at least writable by)
>exim.exim.

That seems very foolish from a security point of view.

>MailScanner needs to place an exclusive lock on each of the config files,
>so that another script (possibly linked to a web-based
>configuration system) can update the config files while MailScanner is
>running, safe in the knowledge that you can't be half-way through writing a
>config file at the same time as MailScanner is reading it.

It sounds like MailScanner has a rather broken approach to handling its
configuration file. What sysadmins expect is that a daemon will slurp the
file when it starts and when it is HUPped rather than reading piecemeal.
Since Perl file locks are advisory they won't prevent the admin from
shooting themselves in the foot by incorrectly assuming that MailScanner
does that too.

Even if you don't change MailScanner to slurp its configuration, please
remove the locking code and instead require admins to use mv to update
the configuration file atomically.

Tony.
--
f.a.n.finch  <dot at dotat.at>  http://dotat.at/
WHITBY TO THE WASH: SOUTH 4 OR 5 VEERING WEST TO NORTHWEST 4, LATER NORTHWEST
TO NORTH 5 OR 6, PERHAPS 6 OR 7 FOR A TIME. RAIN FOR A TIME THEN MAINLY FAIR
LATER. GOOD OCCASIONALLY MODERATE. SLIGHT TO MODERATE.
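
The mv-based update suggested in the message above, as an added example that is not part of the original post or of MailScanner. The function names, the sample config contents and the 644 mode are assumptions. It shows that a reader which opened the file before the swap still reads the complete old file, later opens read the complete new one, and the daemon's user never needs write access to the file.

```shell
#!/bin/sh
# Added example: replace a config file atomically with mv (rename(2)).
# install_config and demo are hypothetical names, not MailScanner code.

# install_config TARGET: read the new config from stdin, then swap it in.
install_config() {
    target=$1
    dir=$(dirname "$target")
    # The temp file must live in the target's directory so that mv is a
    # rename on one filesystem rather than a copy followed by a delete.
    tmp=$(mktemp "$dir/.conf.XXXXXX") || return 1
    if ! cat > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    # Assumed mode: readable by the daemon, writable only by the owner.
    chmod 644 "$tmp"
    mv -f "$tmp" "$target" || { rm -f "$tmp"; return 1; }
}

# demo: open the old file, swap in a new one, then compare what the
# already-open descriptor sees with what a fresh open sees.
demo() {
    d=$(mktemp -d) || return 1
    conf="$d/example.conf"
    # Constructed sample config contents.
    printf 'workers = 5\nscan = yes\n' > "$conf"
    exec 3< "$conf"                 # reader opens before the update
    printf 'workers = 10\nscan = no\n' | install_config "$conf"
    old=$(cat <&3)                  # still the whole old file
    exec 3<&-
    new=$(cat "$conf")              # the whole new file
    rm -rf "$d"
    printf '%s\n--\n%s\n' "$old" "$new"
}
```
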


