[tpop3d-discuss] tpop3d, sendmail and owner of mailbox
Chris Elsworth
chris at shagged.org
Wed, 14 Nov 2001 12:47:10 +0000
On Wed, Nov 14, 2001 at 12:43:39PM +0000, Chris Lightfoot wrote:
> > Not to start an argument or anything, but I share the view that the only
> > mode 1777 directory on the entire system should be /tmp.
> >
> > Any mode 1777 directory has the potential of being filled up (by anyone
> > who wants to), thus rendering the partition useless for valid applications
> > - I could fill up the drive with any old file in /var/spool/mail if it's
> > mode 1777, and from that point on, nobody gets any mail.
> >
> > Group mail, and g+w, is, in my opinion, the more sensible protection
> > scheme. Opinions will vary :)
>
> Ah, what would be the fun of having a mailing list without
> the occasional flame-war....
>
> The counterarguments are:
>
> - group mail g+w means that all mail clients must be
> setgid mail in order to do locking properly, and
> therefore introduce an additional security exposure;

Well, that places the emphasis on being secure onto the daemons, and of
course, no daemon you or I write has any vulnerabilities, right? :)

> - if somebody is sufficiently silly to try to fill up
> /var/spool/mail, it will be fairly obvious who is
> responsible;

Well, agreed, but it doesn't stop them in the first place.

> The real solution is probably not to use dot-locking at
> all, given that fcntl now (a) works and (b) is universally
> supported.

Or to use Maildir, which doesn't require locking (my current flavour of
choice).

Damn. That flame-war was wrapped up all too quickly :)

--
Chris Elsworth - Software & Systems Developer / Systems Administrator
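
The fcntl locking mentioned in the quoted text, as an added example that is not part of the original message or of tpop3d's code: an fcntl lock is taken on the mailbox's own file descriptor, so the locker needs write access to the mailbox file only and never creates anything in the spool directory, which is what dot-locking needs mode 1777 or setgid mail for. The function names and the temporary file standing in for a mailbox are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Take (F_WRLCK) or release (F_UNLCK) a whole-file advisory lock without
 * blocking. Returns 0 on success, -1 if another process holds the lock. */
static int mbox_lock(int fd, short type)
{
    struct flock fl = {0};
    fl.l_type = type;
    fl.l_whence = SEEK_SET;
    fl.l_start = 0;
    fl.l_len = 0;               /* 0 = whole file, including future growth */
    return fcntl(fd, F_SETLK, &fl);
}

/* Fork a second process (standing in for another mail client) that tries to
 * lock the same mailbox. Returns 1 if it got the lock, 0 if it was refused,
 * -1 on error. */
static int other_process_can_lock(const char *path)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int fd = open(path, O_RDWR);
        _exit(fd >= 0 && mbox_lock(fd, F_WRLCK) == 0 ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 0;
}

/* Constructed demo on a temporary file. Returns 1 when the lock excludes the
 * other process while held and admits it after release. */
int demo(void)
{
    char path[] = "/tmp/mbox-demo-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    int while_locked = mbox_lock(fd, F_WRLCK) == 0 ? other_process_can_lock(path) : -1;
    int after_unlock = mbox_lock(fd, F_UNLCK) == 0 ? other_process_can_lock(path) : -1;
    close(fd);
    unlink(path);
    return while_locked == 0 && after_unlock == 1;
}

int main(void) { printf("fcntl exclusion works: %d\n", demo()); return 0; }
```

The lock is advisory: it only excludes programs that also take the fcntl lock, so every delivery agent and client touching the mailbox has to use the same scheme.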