Bugtraq mailing list archives
Re: Unsafe assumptions (Re: Mail delivery...)
From: Marcus Meissner <Marcus.Meissner () caldera de>
Date: Sat, 19 May 2001 22:14:51 +0200
On Sat, May 19, 2001 at 02:07:47PM +0200, Olaf Titz wrote:
local delivery agent(s). After all that's all you've got with "*.lock" files, since they too are only advisory locks. Putting them into the kernel simply makes it possible to eliminate the risk of a mode 01777 spool directory. (The risk is already quite low of course if you pre-create all mailbox spool files, and especially if you write careful lock validation code in the local delivery agent. Kernel locks simply make the code for safe local delivery less complex.)

Not quite. Any scheme which relies on pre-existing mailboxes would also have to make sure that the owner of the mailbox cannot remove it. This means not only standard MUAs but also "rm", "mv"[1], accidental mistakes or user-installed MUAs. As I see it this is pretty much impossible to guarantee. So reliance on pre-existing mailboxes is inherently unsafe because it relies on assumptions which can not be guaranteed, regardless of useradd programs etc.
The solution to that is very simple:
- Create /var/mail/ with mode 775, root.mail owned.
- Write a small helper program, which is setgid mail, which just touches a file with the calling user's username in /var/mail/.

In fact, we use the appended helper (setgid mail) in Caldera OpenLinux now.

Ciao, Marcus
--
Caldera (Deutschland) GmbH
Naegelsbachstr. 49c, 91052 Erlangen
Dipl. Inf. Marcus Meissner, email: mm () caldera de
phone: ++49 9131 7912-300, fax: ++49 9131 7192-399
Caldera OpenLinux
Attachment:
createmailfolder.c
Description:
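A sketch of the kind of helper the message describes, added here as an example; it is not the attached createmailfolder.c, whose contents are not reproduced on this page. The function names, the 0660 file mode and the accepted username character set are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed policy: plain names only, so the name can never leave the spool directory. */
int valid_username(const char *s)
{
    if (!s || !*s || *s == '.' || *s == '-' || strlen(s) > 32) return 0;
    return s[strspn(s, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-")] == '\0';
}

/* Ensure spool/user exists as a regular file owned by the caller. Returns 0 or -1. */
int create_mailbox(const char *spool, const char *user)
{
    struct stat st;
    if (!valid_username(user)) return -1;
    int dfd = open(spool, O_RDONLY | O_DIRECTORY);
    if (dfd < 0) return -1;
    /* O_EXCL never follows or reuses an existing entry, symlinks included. */
    int fd = openat(dfd, user, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0660);
    int rc = -1;
    if (fd >= 0) {
        rc = fchmod(fd, 0660);          /* assumed mode; overrides the caller's umask */
        close(fd);
    } else if (errno == EEXIST) {
        /* Already present: accept only the caller's own regular file. */
        if (fstatat(dfd, user, &st, AT_SYMLINK_NOFOLLOW) == 0 &&
            S_ISREG(st.st_mode) && st.st_uid == getuid())
            rc = 0;
    }
    close(dfd);
    return rc;
}

int main(void)
{
    /* The name comes from the real uid, never from argv or $USER. */
    struct passwd *pw = getpwuid(getuid());
    if (!pw || create_mailbox("/var/mail", pw->pw_name) != 0) {
        fprintf(stderr, "cannot create mailbox\n");
        return 1;
    }
    return 0;
}
```

Installed setgid mail, the process keeps the caller's uid and only gains the mail group, so the new file is owned by the caller while the spool directory itself stays non-writable for ordinary users.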