Chris Thompson wrote:
> Mark Murray writes:
> >
> > > Your adduser program doesn't create new user's mailboxes automatically?
> >
> > Of course not. Many mail readers/POPservers remove mailboxes when they are
> > empty.
>
> Ah, but if it isn't publicly-writable they can't! :-)
So you agree with me then that publicly writable mail spools are evil?
> Seriously, at least some such agents use the algorithm "unlink the file if
> I can, truncate it to zero length if I can't".
If the file is removed (and the thread of the discussion is that
mode 1777 mailspools are _evil_, remember), John Q Hacker can deny
you mail by doing "touch /var/mail/yourname". Most mailers are paid
to deliver mail seteuid to the user being delivered to, and will
break _horribly_ in this case. (OTOH - a mailer that is suid root
could probably get round this, at the risk of possibly opening up
more holes :-( )
M
--
Mark Murray PGP key fingerprint = 80 36 6E 40 83 D6 8A 36
This .sig is umop ap!sdn. BC 06 EA 0E 7A F2 CE CE
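
An audit for the condition discussed in this thread, added here as an example and not part of the original messages: it reports a world-writable spool directory and any mailbox whose owner is not the account it is named after. The names `audit_spool` and `lookup_uid` are hypothetical, and it assumes each mailbox file is named after its account and that dot-locks use a `.lock` suffix.

```python
import os
import pwd
import stat


def lookup_uid(name):
    """Return the uid for a local account name, or None if no such account."""
    try:
        return pwd.getpwnam(name).pw_uid
    except KeyError:
        return None


def audit_spool(spool, uid_of=lookup_uid):
    """Return a list of (path, finding) tuples for a mail spool directory."""
    findings = []
    mode = stat.S_IMODE(os.lstat(spool).st_mode)
    if mode & stat.S_IWOTH:
        # Any local user may create files here, so a mailbox name can be
        # claimed before the real owner's mailbox exists.
        findings.append((spool, "world-writable spool (mode %04o)" % mode))
    for name in sorted(os.listdir(spool)):
        if name.endswith(".lock"):
            continue  # assumed dot-lock naming; not a mailbox
        path = os.path.join(spool, name)
        st = os.lstat(path)  # lstat: do not follow a planted symlink
        if not stat.S_ISREG(st.st_mode):
            findings.append((path, "not a regular file"))
            continue
        expected = uid_of(name)
        if expected is None:
            findings.append((path, "no account with this name"))
        elif st.st_uid != expected:
            # Delivery running with the recipient's euid cannot write to
            # a mailbox that another uid created first.
            findings.append((path, "owned by uid %d, expected %d"
                             % (st.st_uid, expected)))
    return findings


if __name__ == "__main__":
    for path, finding in audit_spool("/var/mail"):
        print("%s: %s" % (path, finding))
```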