Re: [Exim] create_file = belowhome: unexpected behaviour

Author: Philip Hazel
Date:  
To: Harald Meland
CC: Ray Miller, exim-users
Subject: Re: [Exim] create_file = belowhome: unexpected behaviour
On 2 Oct 1999, Harald Meland wrote:

> As far as I can see, a simple symlink ~/root -> / will still allow
> users creating files anywhere they like (if they have write access).


In order to make the symlink, the user presumably has to have a shell
account, in which case what is the point in restricting the files the
MTA can create when the user can create them anywhere from a shell?

I think the people that use create_file are running systems where the
users do not have shell accounts, and so cannot set up symlinks.

> To fix this, one would have to grind the destination through
> realpath(3) (on systems that have such a thing) and compare the
> resulting fully resolved destination with whatever restrictions there
> are.


Nevertheless, I'll take a look at realpath() and arrange to use it on
those systems that have it.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
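
The check discussed in this message (resolve the destination with realpath(3), then compare the result against the home directory), sketched in C as an added example. It is not Exim's code and not part of the original message; `below_home`, `demo` and the temporary paths are hypothetical names constructed for the illustration.

```c
#define _XOPEN_SOURCE 700   /* realpath(), mkdtemp(), symlink() */
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: 1 if dest, once symlinks and ".." are resolved, lies
   in or below home, else 0. The file may not exist yet, so the directory
   that would contain it is resolved instead. */
int below_home(const char *home, const char *dest)
{
    char rhome[PATH_MAX], rdir[PATH_MAX], tmp[PATH_MAX];
    size_t n;
    if (strlen(dest) >= sizeof tmp) return 0;
    strcpy(tmp, dest);                 /* dirname() may modify its argument */
    if (!realpath(home, rhome) || !realpath(dirname(tmp), rdir)) return 0;
    n = strlen(rhome);
    if (strncmp(rdir, rhome, n) != 0) return 0;
    /* Match must end on a component boundary: /home/u is not above /home/u2 */
    return rhome[n - 1] == '/' || rdir[n] == '/' || rdir[n] == '\0';
}

/* Constructed scenario: a temporary "home" holding sub/, sub2/ and the
   symlink root -> / from the thread. Returns a bitmask of allowed cases. */
int demo(void)
{
    char home[] = "/tmp/bhXXXXXX", sub[PATH_MAX], sub2[PATH_MAX];
    char lnk[PATH_MAX], p[PATH_MAX];
    int r = 0;
    if (!mkdtemp(home)) return -1;
    snprintf(sub, sizeof sub, "%s/sub", home);    mkdir(sub, 0700);
    snprintf(sub2, sizeof sub2, "%s/sub2", home); mkdir(sub2, 0700);
    snprintf(lnk, sizeof lnk, "%s/root", home);   symlink("/", lnk);

    snprintf(p, sizeof p, "%s/sub/mbox", home);
    r |= below_home(home, p) << 0;     /* real subdirectory: allowed */
    snprintf(p, sizeof p, "%s/root/mbox", home);
    r |= below_home(home, p) << 1;     /* through the symlink: refused */
    snprintf(p, sizeof p, "%s/../mbox", home);
    r |= below_home(home, p) << 2;     /* ".." escape: refused */
    snprintf(p, sizeof p, "%s/sub2/mbox", home);
    r |= below_home(sub, p) << 3;      /* sibling sharing a prefix: refused */
    unlink(lnk); rmdir(sub); rmdir(sub2); rmdir(home);
    return r;
}

int main(void) { printf("allowed mask = %d\n", demo()); return 0; }
```

The check and the later file creation are separate steps, so a directory that can be changed between them can still redirect the write.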