On Tue, 22 Dec 1998, Gonzo Granzeau wrote: > As noted from previous sendmail issues, two of the stated problems can be > solved by doing a correct disk structure. You cannot create hard links across > across different partitions. That way, if you have a /, /usr, /tmp, and a > /home, you should be okay if it drops it in tmp. You'd basically have to > give their program it's own file system. This still doesn't change the fact > that it is flawed, but if you are forced to use it... As djb's recent email to bugtraq points out, this does not solve the mail destruction problem; you can make a subdirectory in the spool directory and put your hardlink in there. That subdirectory is guaranteed to be on the same partition as the spool directory. It *does* solve the mail-yourself-a-private-file problem, but I haven't looked at the VMailer spool-file format enough to figure out whether there's really a security problem (as djb claims) or not (as Wietse claims). -- <kragenat_private> Kragen Sitaker <http://www.pobox.com/~kragen/> TurboLinux is outselling NT in Japan's retail software market 10 to 1, so I hear. -- http://www.performancecomputing.com/opinions/unixriot/981218.shtml
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:25:49 PDT