On Wed, 5 Feb 2003, Sheldon Hearn wrote:
> A local user can fool Exim into overwriting any group mail owned file on
> the filesystem if
>
> a) the user can write to a directory in which Exim tries to write a
> file,
> b) Exim tries to write that file with a predictable filename,
> c) Exim uses a predictable filename, and
> d) Exim accidentally follows a symlink.
True. That's exactly why Exim forbids symlinks for single-file
mailboxes, which of course have predictable (= fixed) file names.
But for maildir deliveries, Exim insists on writing a new file (by using
O_CREAT). So I don't see that it matters whether the name is
predictable or not.
> The use of unpredictable filenames would be an added level of protection
> against programming mistakes.
You mean like forgetting to use O_CREAT?
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
