Re: Local delivery problems on FreeBSD

Author: Dom Mitchell
Date:
To: John Henders
CC: exim-users
Subject: Re: Local delivery problems on FreeBSD
>>> John Henders said:
> On Nov 28, mark@??? (Mark Murray) wrote:
>
> > NO WAY!!! Major security hole!
>
> Not if you make sure your mail clients don't delete empty mail boxes.
> Also, making sure no system id has mail delivered to its mail box (use
> aliases) and there's no race conditions left to exploit.


Yes, major security hole. Simply due to the fact that any user can
create any file in there. For example, if the admin creates a new
account which hasn't been sent mail yet, the malicious luser can
create a mailbox for him... nasty. I don't know how different MUAs
react to a mailbox with the wrong owner, but there's bound to be at
least one that gets it wrong...

-Dom
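
A defender-side audit for the condition discussed in this message, added here as an example (it is not part of the original post and not Exim code). It assumes a spool directory holding one mailbox file per user, named after the login; `audit_spool`, `uid_of` and `demo` are hypothetical names, and the sample spool is constructed in a temporary directory.

```python
import os
import pwd
import stat
import tempfile


def _passwd_uid(name):
    """Default lookup: uid of a local account, or None if no such account."""
    try:
        return pwd.getpwnam(name).pw_uid
    except KeyError:
        return None


def audit_spool(spool_dir, uid_of=_passwd_uid):
    """Return a list of (path, problem) tuples for a mail spool directory."""
    findings = []
    dmode = os.lstat(spool_dir).st_mode
    if dmode & stat.S_IWOTH:
        # Any local user can create files here, including a mailbox
        # named after an account that has not received mail yet.
        findings.append((spool_dir, "directory is world-writable"))
    for entry in sorted(os.listdir(spool_dir)):
        path = os.path.join(spool_dir, entry)
        st = os.lstat(path)  # lstat: do not follow a planted symlink
        if not stat.S_ISREG(st.st_mode):
            findings.append((path, "not a regular file"))
            continue
        expected = uid_of(entry)
        if expected is None:
            findings.append((path, "no account with this name"))
        elif st.st_uid != expected:
            findings.append((path, "owner uid %d, expected %d" % (st.st_uid, expected)))
    return findings


def demo():
    """Constructed spool: 'alice' owns her mailbox, 'bob' had his pre-created."""
    me = os.getuid()
    accounts = {"alice": me, "bob": me + 1}  # constructed uid table
    with tempfile.TemporaryDirectory() as spool:
        os.chmod(spool, 0o1777)  # world-writable with sticky bit
        for name in ("alice", "bob"):
            open(os.path.join(spool, name), "w").close()
        return [(os.path.basename(p), why) for p, why in audit_spool(spool, accounts.get)]


if __name__ == "__main__":
    for name, why in demo():
        print(name, "-", why)
```

On a real host, call `audit_spool` with the actual spool path and the default lookup; lock files and other non-mailbox entries will be reported as having no matching account.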