On Sat, May 19, 2001 at 02:07:47PM +0200, Olaf Titz wrote:
> > local delivery agent(s). After all that's all you've got with "*.lock"
> > files, since they too are only advisory locks. Putting them into the
> > kernel simply makes it possible to eliminate the risk of a mode 01777
> > spool directory. (The risk is already quite low of course if you
> > pre-create all mailbox spool files, and especially if you write careful
> > lock validation code in the local delivery agent. Kernel locks simply
> > make the code for safe local delivery less complex.)
>
> Not quite. Any scheme which relies on pre-existing mailboxes would
> also have to make sure that the owner of the mailbox cannot remove it.
> This means not only standard MUAs but also "rm", "mv"[1], accidental
> mistakes or user-installed MUAs. As I see it this is pretty much
> impossible to guarantee.
>
> So reliance on pre-existing mailboxes is inherently unsafe because it
> relies on assumptions which can not be guaranteed, regardless of
> useradd programs etc.

The solution to that is very simple:

- Create /var/mail/ with mode 775, root.mail owned.
- Write a small helper program, which is setgid mail, which just touches
  a file with the calling user's username in /var/mail/.

In fact, we use the appended helper (setgid mail) in Caldera OpenLinux now.

Ciao, Marcus

--
 _____ ___
/ __/____/ /        Caldera (Deutschland) GmbH
/ /_/ __ / /__      Naegelsbachstr. 49c, 91052 Erlangen
/_____//_/ /____/   Dipl. Inf. Marcus Meissner, email: mmat_private
==== /_____/ ====== phone: ++49 9131 7912-300, fax: ++49 9131 7192-399
Caldera OpenLinux
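An added example, not the helper Marcus appended to his message (the archive does not reproduce it): a C implementation of the setgid-mail helper the post describes. It assumes the layout given in the mail (/var/mail is mode 775, owned root, group mail; the binary is installed setgid mail and is not setuid). The function names `valid_mailbox_name` and `create_mailbox`, the 0660 mailbox mode and the refusal to operate on a world-writable spool directory are this example's own choices, not anything from Caldera's code.

```c
/* setgid-mail helper: create <spool>/<caller> for the invoking user.
 * Added example; assumes /var/mail is 775 root:mail and this binary is
 * setgid mail (NOT setuid), so the new file is owned by the caller's uid
 * with group mail. Names and policy below are this example's own. */
#define _GNU_SOURCE
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define MAILBOX_MODE 0660   /* owner rw, group mail rw, nothing for others */
#define MAX_NAME     64

/* Accept only names that are safe as a file name inside the spool:
 * non-empty, bounded, no leading '.', only [A-Za-z0-9._-] (so no '/'). */
int valid_mailbox_name(const char *name)
{
    size_t n = strlen(name);
    if (n == 0 || n > MAX_NAME || name[0] == '.')
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-'))
            return 0;
    }
    return 1;
}

/* Create spool_dir/name as a regular file owned by uid.
 * Returns 0 if created, 1 if it already existed, -1 on error (errno set). */
int create_mailbox(const char *spool_dir, const char *name, uid_t uid)
{
    if (!valid_mailbox_name(name)) { errno = EINVAL; return -1; }

    /* Hold a descriptor to the directory so the later openat() cannot be
     * redirected by renaming path components underneath us. */
    int dfd = open(spool_dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0) return -1;

    /* Refuse a world-writable spool: the point of the helper is to make a
     * 01777 /var/mail unnecessary, so never bless one. */
    struct stat ds;
    if (fstat(dfd, &ds) < 0 || (ds.st_mode & S_IWOTH)) {
        close(dfd); errno = EACCES; return -1;
    }

    /* O_EXCL: never open a pre-existing file; O_NOFOLLOW: never follow a
     * symlink planted under the same name. Existing mailbox is not an error. */
    int fd = openat(dfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC,
                    MAILBOX_MODE);
    if (fd < 0) {
        int saved = errno;
        close(dfd);
        errno = saved;
        return saved == EEXIST ? 1 : -1;
    }

    /* Force the final mode regardless of the caller's umask and confirm the
     * file really belongs to the invoking user; otherwise do not leave a
     * half-initialised mailbox behind. */
    struct stat fs;
    int rc = 0;
    if (fchmod(fd, MAILBOX_MODE) < 0 || fstat(fd, &fs) < 0 || fs.st_uid != uid) {
        unlinkat(dfd, name, 0);
        rc = -1;
    }
    close(fd);
    close(dfd);
    return rc;
}

int main(void)
{
    uid_t uid = getuid();              /* real uid: the user who ran us */
    struct passwd *pw = getpwuid(uid); /* name comes from passwd, not argv */
    if (pw == NULL) { perror("getpwuid"); return 1; }
    if (create_mailbox("/var/mail", pw->pw_name, uid) < 0) {
        perror("create_mailbox");
        return 1;
    }
    return 0;
}
```

The helper deliberately takes no arguments: the mailbox name is derived from the real uid via the passwd database, so a caller cannot ask it to create an arbitrary file in the spool, and the only privilege it carries is the mail group needed to create inside a 775 root:mail directory.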
This archive was generated by hypermail 2b30 : Sat May 19 2001 - 19:06:26 PDT