[tpop3d-discuss] tpop3d, sendmail and owner of mailbox
Paul Makepeace
Paul.Makepeace at realprogrammers.com
Wed, 14 Nov 2001 04:54:55 -0800
On Wed, Nov 14, 2001 at 12:43:39PM +0000, Chris Lightfoot wrote:
> Ah, what would be the fun of having a mailing list without
> the occasional flame-war....
>
> The counterarguments are:
>
> - group mail g+w means that all mail clients must be
> setgid mail in order to do locking properly, and
> therefore introduce an additional security exposure;
Hmm, well exim is a monolithic setuid root MTA.
> - if somebody is sufficiently silly to try to fill up
> /var/spool/mail, it will be fairly obvious who is
> responsible;
Depending on the architecture of the MTA, being able to create symlinks
might be a problem...
> - suitably-configured user disk quotas make this all
> kind of irrelevant anyway.
Disk quotas are a dog on Linux in big settings, so I've heard.
Flamewars, security, unix & Bernstein:
http://cr.yp.to/maildisasters/postfix.html
http://packetstorm.decepticons.org/9901-exploits/qmail-DoS.txt
Paul