> All you have to do is create it as root and make it readable by the mail
> process for the user. They can read it, but they can't replace it.

*sigh* I was just waiting for this to come up.  I asked this question
regarding the .qmail security "reward" and was told that this doesn't
count.  Gee, so I wonder the *next* time a security hole is found, if it
will also just be explained away as "well, it's possible with all the
others too" or "that doesn't count". 


A file doesn't really matter if the user has write permissions
to the parent/current directory.  Although the above statement
doesn't address this directly, I think it's misleading enough
to point out.

Scott
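
The parent-directory point above, as an added example that is not part of the original message: a Python audit check that lists which components of a path a given uid could unlink or rename away, regardless of the file's own owner and mode. It looks at classic mode bits and the sticky bit only (no ACLs or capabilities), and the function names are made up for this illustration.

```python
import os
import stat

def can_write_dir(dir_st, uid, gids=()):
    """True if uid has write+search permission on the directory (mode bits only)."""
    if uid == 0:
        return True
    if dir_st.st_uid == uid:
        bits = dir_st.st_mode >> 6
    elif dir_st.st_gid in gids:
        bits = dir_st.st_mode >> 3
    else:
        bits = dir_st.st_mode
    return bits & 0o3 == 0o3  # both w and x are needed to unlink or rename entries

def can_replace(entry_st, dir_st, uid, gids=()):
    """True if uid can remove or rename an entry of this directory.

    The entry's own permissions are never consulted; its owner matters
    only when the directory has the sticky bit set.
    """
    if not can_write_dir(dir_st, uid, gids):
        return False
    if dir_st.st_mode & stat.S_ISVTX:
        return uid in (0, entry_st.st_uid, dir_st.st_uid)
    return True

def replaceable_components(path, uid, gids=()):
    """Walk from path up to /, returning every component uid could swap out."""
    path = os.path.realpath(path)
    found = []
    while True:
        parent = os.path.dirname(path)
        if parent == path:  # reached the filesystem root
            break
        if can_replace(os.lstat(path), os.lstat(parent), uid, gids):
            found.append(path)
        path = parent
    return found

if __name__ == "__main__":
    import sys
    # usage: script.py PATH UID  (group memberships not passed in this demo)
    for component in replaceable_components(sys.argv[1], int(sys.argv[2])):
        print("replaceable by uid", sys.argv[2], "->", component)
```

An empty result for the mail user's uid is what the quoted suggestion needs in order to hold; any listed component, including a directory higher up the path, means the file can be swapped for one the user controls.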
