Path: utzoo!utgpu!utstat!jarvis.csri.toronto.edu!mailrus!nrl-cmf!ukma!xanth!ames!amdcad!sun!pitstop!sundc!seismo!uunet!mcvax!hp4nl!uva!dik
From: dik@uva.UUCP (Casper H.S. Dik)
Newsgroups: comp.mail.headers
Subject: Re: administration fascism
Message-ID: <608@uva.UUCP>
Date: 2 Feb 89 21:05:15 GMT
References: <412@execu.UUCP> <7094@xanth.cs.odu.edu> <412@avsd.UUCP> <1715@helios.ee.lbl.gov> <445@avsd.UUCP> <2253@unmvax.unm.edu>
Sender: news@uva.UUCP
Reply-To: dik@uva.UUCP (Casper H.S. Dik)
Organization: Faculteit Wiskunde & Informatica, Universiteit van Amsterdam
Lines: 41

In article <2253@unmvax.unm.edu> mike@unmvax.cs.unm.edu (Michael I. Bushnell) writes:
>In article <445@avsd.UUCP> childers@avsd.UUCP (Richard Childers) writes:
>
>>Actually, I have been at enlightened sites where /usr/lib/aliases was writeable
>>by the world. But if you can't trust your users to edit /usr/lib/aliases, then
>>you probably can't trust them to edit .forward, either.
>
>
>Hmmm...I disagree.  We are an "enlightened" site which lets people edit 
>/usr/lib/aliases.  If someone f*cks up, then we have the simple solution
>of asking "who changed the XXX alias to YYY?" and then we can explain to
>them the necessity of being more careful in the future.

Hmmm... you must trust your users very much.
People can not only steal other peoples mail, but can add an alias like
myalias: |/myhome/myprogram

The program /myhome/myprogram will be executed with the uid sendmail uses
for untrusted mailers. If it is daemon (it is on my systems) the user
could then 'do some things I will not disclose here' and become root
in a matter of minutes.

At that point he can do more damage to your system than you can repair
in the time saved by letting your users edit /usr/lib/aliases.

>In short, it may be quite rational to protect users from eachother (by
>protecting /usr/lib/aliases), but it IS facism to "protect" people from
>themselves.

Agreed

>  Michael I. Bushnell       \     This above all; to thine own self be true
>         GIG!                \    And it must follow, as the night the day,
>mike@turing.cs..unm.edu      /\   Thou canst not be false to any man.
>  Hmmmm..............       /  \  Farewell:  my blessing season this in thee!


____________________________________________________________________________
Casper H.S. Dik
University of Amsterdam     |		      dik@uva.uucp
The Netherlands             |                 ...!uunet!mcvax!uva!dik