[tpop3d-discuss] tpop3d, sendmail and owner of mailbox

Paul Makepeace Paul.Makepeace at realprogrammers.com
Wed, 14 Nov 2001 04:54:55 -0800


On Wed, Nov 14, 2001 at 12:43:39PM +0000, Chris Lightfoot wrote:
> Ah, what would be the fun of having a mailing list without
> the occasional flame-war....
> 
> The counterarguments are:
> 
>     - group mail g+w means that all mail clients must be
>       setgid mail in order to do locking properly, and
>       therefore introduce an additional security exposure;

Hmm, well, Exim is a monolithic setuid root MTA.

>     - if somebody is sufficiently silly to try to fill up
>       /var/spool/mail, it will be fairly obvious who is
>       responsible;

Depending on the architecture of the MTA, being able to create symlinks
might be a problem...

>     - suitably-configured user disk quotas make this all
>       kind of irrelevant anyway.

Disk quotas are a dog on Linux in big settings, so I've heard.

Flamewars, security, Unix & Bernstein:
http://cr.yp.to/maildisasters/postfix.html
http://packetstorm.decepticons.org/9901-exploits/qmail-DoS.txt

Paul