Re: Unsafe assumptions (Re: Mail delivery...)

From: Marcus Meissner (Marcus.Meissnerat_private)
Date: Sat May 19 2001 - 13:14:51 PDT

    On Sat, May 19, 2001 at 02:07:47PM +0200, Olaf Titz wrote:
    > > local delivery agent(s).  After all that's all you've got with "*.lock"
    > > files, since they too are only advisory locks.  Putting them into the
    > > kernel simply makes it possible to eliminate the risk of a mode 01777
    > > spool directory.  (The risk is already quite low of course if you
    > > pre-create all mailbox spool files, and especially if you write careful
    > > lock validation code in the local delivery agent.  Kernel locks simply
    > > make the code for safe local delivery less complex.)
    > 
    > Not quite. Any scheme which relies on pre-existing mailboxes would
    > also have to make sure that the owner of the mailbox cannot remove it.
    > This means not only standard MUAs but also "rm", "mv"[1], accidental
    > mistakes or user-installed MUAs. As I see it this is pretty much
    > impossible to guarantee.
    > 
    > So reliance on pre-existing mailboxes is inherently unsafe because it
    > relies on assumptions which can not be guaranteed, regardless of
    > useradd programs etc.
    
    The solution to that is very simple:
    
    - Create /var/mail/ with mode 775, root.mail owned.
    - Write a small helper program, which is setgid mail, which just touches
      a file with the calling user's username in /var/mail/.
    
    In fact, we use the appended helper (setgid mail) in Caldera OpenLinux now.
    
    Ciao, Marcus
    -- 
          _____     ___
         /  __/____/  /                Caldera (Deutschland) GmbH
        /  /_/ __  / /__          Naegelsbachstr. 49c, 91052 Erlangen
       /_____//_/ /____/       Dipl. Inf. Marcus Meissner, email: mmat_private
      ==== /_____/ ======    phone: ++49 9131 7912-300, fax: ++49 9131 7192-399
       Caldera OpenLinux
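A helper of the kind Marcus describes, written here as an added example and not the program appended to the original mail (Caldera's helper is not on this page); it assumes a /var/mail spool owned root.mail with mode 775 and that the binary is installed root:mail with mode 2755, so it runs as the calling user with effective group mail:

```c
/* Added example: a minimal setgid-mail "touch my mailbox" helper, not Caldera's. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <pwd.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Only a plain file name is acceptable: no '/', not "." or "..", not empty. */
int valid_mailbox_name(const char *name)
{
    if (name == NULL || *name == '\0' || strchr(name, '/') != NULL) return 0;
    return strcmp(name, ".") != 0 && strcmp(name, "..") != 0;
}

/* Create spooldir/name (mode 0600) if absent. Returns 0 on success or when a
 * regular file is already there, -1 on error or if the entry is not a plain file. */
int create_mailbox(const char *spooldir, const char *name)
{
    if (!valid_mailbox_name(name)) return -1;
    /* Open the directory itself, refusing a symlink in its place. */
    int dfd = open(spooldir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dfd < 0) return -1;
    /* O_EXCL|O_NOFOLLOW: the create step never opens an existing entry, so a
     * pre-planted link or device is rejected rather than followed. */
    int fd = openat(dfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    int rc = 0;
    if (fd >= 0) {
        close(fd);
    } else {
        struct stat st;
        if (errno != EEXIST || fstatat(dfd, name, &st, AT_SYMLINK_NOFOLLOW) < 0
            || !S_ISREG(st.st_mode))
            rc = -1;
    }
    close(dfd);
    return rc;
}

/* The file name comes from the passwd entry of the real uid, never from argv
 * or $USER, so a caller can only ever create its own mailbox. */
int touch_my_mailbox(const char *spooldir)
{
    struct passwd *pw = getpwuid(getuid());
    return pw != NULL ? create_mailbox(spooldir, pw->pw_name) : -1;
}

int main(void) { return touch_my_mailbox("/var/mail") == 0 ? 0 : 1; }
```

The helper can create but never remove or rewrite a mailbox, which is what closes the gap Olaf points out: a user who deleted their own spool file simply runs it again before delivery.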

    This archive was generated by hypermail 2b30 : Sat May 19 2001 - 19:06:26 PDT