Re: disabling virecover by default

To: coypu%sdf.org@localhost
Subject: Re: disabling virecover by default
From: Robert Elz <kre%munnari.OZ.AU@localhost>
Date: Fri, 10 Nov 2017 06:35:23 +0700

    Date:        Thu, 9 Nov 2017 21:19:09 +0000
    From:        coypu%sdf.org@localhost
    Message-ID:  <20171109211908.GA8735%SDF.ORG@localhost>

  | The way virecover currently works is problematic for security (see the
  | recent nvi commits).

Aside from a few (potential mostly) bug fixes, the one issue that Christos
fixed recently was one where it was possible to make it hang (effectively,
disabling it).   Your solution to that is to disable it ????

All the thing does is send mail - about the worst security issue it poses
is that it might allow some "spam" mail to be generated (mail at boot to
the wrong user.)   The one thing that might be useful would be to run it
in background, rather that having rc wait for it to finish.

If you don't trust it, and/or don't have users who use vi, then disable it
on your system.   It is as simple as "virecover=NO" in your rc.conf.
Aside from that, fix any bugs you find, but otherwise leave it alone.

kre

Follow-Ups:
- Re: disabling virecover by default
  - From: coypu
- Re: disabling virecover by default
  - From: Robert Elz
- Re: disabling virecover by default
  - From: coypu

References:
- disabling virecover by default
  - From: coypu

Prev by Date: disabling virecover by default
Next by Date: Re: disabling virecover by default
Previous by Thread: disabling virecover by default
Next by Thread: Re: disabling virecover by default
Indexes:

Home | Main Index | Thread Index | Old Index