On 4 Jan 1999 [EMAIL PROTECTED] wrote:
> [37 lines snipped]
[more snipped]
> : :There will be one more zero-length file, owned by qmail, without
> : :any user identification whatsoever. It is an exercise for the
> : :reader to write a small program that automates the process:
> [34 lines snipped]
>
> It's hardly in the same league as the postfix design oversight.
> This one prevents new mail being queued, that one causes mail
> to disappear after it has entered the responsibility of the mta.
> Still I wonder:
>
> 1) Why does qmail-queue employ a sequence number, since no two
> processes can have the same pid? If the pidfn is unique to the pid,
> then it's a simple matter to open it O_TRUNC rather than O_EXCL.
> Then the number of junk files is limited to sizeof pid_t.
>
> 2) Why does qmail-queue link the mess file in before the message
> is written? Because a bad mess file isn't cleaned up but every
> 36 hours, whereas a bad pid file will be reclaimed every time the
> pids roll around.
>
> 3) Why not write the uid into a Received: line automatically?
>
> 4) Could setuid(geteuid()) but that doesn't buy very much.
>
> None of this prevents a DOS attack.

Dunno about anyone else, but I tried Wietse's little attack attempt, not
to the extent of trying for DoS but to see exactly what it did on a
FreeBSD 2.2.8 system. ps -aux showed a qmail-queue sitting there as
user qmailq. So I did a few of them. Same thing. I logged off. All
of them were gone and there were no files left in the queue from it.
So it seems that if/when the admin sees all the qmail-queues running,
dumping lusers one at a time till it clears would tell you who it is,
or when they logged off it'd clear up anyway.

Vince.
--
==========================================================================
Vince Vielhaber -- KA8CSH email: [EMAIL PROTECTED] flame-mail: /dev/null
# include <std/disclaimers.h> TEAM-OS2
Online Searchable Campground Listings http://www.camping-usa.com
"There is no outfit less entitled to lecture me about bloat
than the federal government" -- Tony Snow
==========================================================================
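
The trade-off raised in question 1 of the quoted message, as an added example that is not part of the original post and is not qmail's code: a simplified model in which one process repeatedly creates a temporary pid file and abandons it. The file naming, the functions `create_tmp` and `leftover_files`, and the scratch directory under /tmp are assumptions made for illustration.

```c
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Simplified model, not qmail's code: create one temporary "pid file". */
static int create_tmp(const char *dir, long pid, int seq, int per_pid_trunc)
{
    char path[512];
    int fd;
    if (per_pid_trunc)   /* name depends on the pid only; reopening truncates it */
        snprintf(path, sizeof path, "%s/%ld", dir, pid);
    else                 /* name carries a sequence number; must not exist yet */
        snprintf(path, sizeof path, "%s/%ld.%d", dir, pid, seq);
    fd = open(path, O_WRONLY | O_CREAT | (per_pid_trunc ? O_TRUNC : O_EXCL), 0600);
    return fd < 0 ? -1 : close(fd);
}

/* One pid makes `attempts` creations and never cleans up. Returns the number
 * of files left behind, or -1 on error. Hypothetical scratch dir, removed after. */
int leftover_files(int per_pid_trunc, int attempts)
{
    char dir[128], path[512];
    struct dirent *e;
    DIR *d;
    int i, count = 0, failed = 0;
    snprintf(dir, sizeof dir, "/tmp/pidfn-demo-%ld-%d", (long)getpid(), per_pid_trunc);
    if (mkdir(dir, 0700) != 0) return -1;   /* refuses a name that already exists */
    for (i = 0; i < attempts; i++)
        if (create_tmp(dir, (long)getpid(), i, per_pid_trunc) != 0) failed = 1;
    if ((d = opendir(dir)) == NULL) return -1;
    while ((e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        unlink(path);                       /* clean up while counting */
        count++;
    }
    closedir(d);
    rmdir(dir);
    return failed ? -1 : count;
}

int main(void)
{
    printf("%d %d\n", leftover_files(0, 25), leftover_files(1, 25));
    return 0;
}
```

In this model the sequence-numbered O_EXCL names leave one file per abandoned attempt, while the pid-only O_TRUNC name leaves a single file per pid no matter how many attempts are made.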