Re: Local delivery problems on FreeBSD

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Mark Murray
Date:  
À: Chris Thompson
CC: Mark Murray, exim-users
Sujet: Re: Local delivery problems on FreeBSD
Chris Thompson wrote:
> Mark Murray writes:
> >
> > > Your adduser program doesn't create new user's mailboxes automatically?
> >
> > Of course not. Many mail readers/POPservers remove mailboxes when they are
> > empty.
>
> Ah, but if it isn't publicly-writable they can't! :-)


Sou you agree with me then that publicly writable mail spools are evil?

> Seriously, at least some such agents use the algorithm "unlink the file if
> I can, truncate it to zero length if I can't".


If the file is removed (and the thread of the discussion is that
mode 1777 mailspools are _evil_, remember), John Q Hacker can deny
you mail by doing "touch /var/mail/yourname". Most mailers are paid
to deliver mail seteuid to the user being delivered to, and will
break _horribly_ in this case. (OTOH - a mailer that is suid root
could probably get round this, at the risk of possibly opening up
more holes :-( )


M
--
Mark Murray                PGP key fingerprint = 80 36 6E 40 83 D6 8A 36
This .sig is umop ap!sdn.                        BC 06 EA 0E 7A F2 CE CE