> | 4) Could setuid(geteuid()) but that doesn't buy very much.
> 
> That should stop the user from killing qmail-queue, methinks.

It doesn't buy much because there is still a time when uid != euid,
and the signal can arrive then.

> But perhaps you would normally want the user to have this capability?
> For example when you change your mind in the middle of mailing the
> output of a program.

Not necessarily, because the user would kill the calling process,
which is normally qmail-inject but could be his own shell.
> 
> - Harald

> Not exactly, on an RH 5.1:
> 
> -rw-r--r--   1 qmailq   mw              0 Jan  4 07:23 179552
> ---
> Mate Wierdl | Dept. of Math. Sciences | University of Memphis

Red Hat uses a different gid for each user, so yes you can point an
accusing finger in that case, but not in general.

I thought more about my original suggestion.  It's bunk because it
still allows the leaving behind of a junk mess file.

Here's another.  The pid file serves as an in-progress flag.
Guarantee: pid files have names unique to their pid (and host).
If a pid file exists, it's obviously junk: attempt to unlink mess.
If intd exists, it's obviously junk: unlink intd.
Create and write intd and mess.
Link todo to intd.
Unlink pid.
(Until here, errors are fatal)
Unlink intd.

-harold
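The ordering proposed above, as an added example that is not code from the post or from qmail: a Python model of the pid/mess/intd/todo queue directories with a simulated kill, showing that keeping the pid file until todo is linked lets the next run with the same name recognise the leftover mess file as junk, while unlinking the pid file early (the behaviour complained about) leaves an orphan nothing can identify. The queue name, the envelope text, the `crash_after` hook and the exception names are assumptions made for the demo.

```python
import os, tempfile

DIRS = ("pid", "mess", "intd", "todo")

class SimulatedCrash(Exception):
    """Stands in for a kill signal arriving while qmail-queue is mid-way."""

def make_queue():
    """Fresh queue root with the four subdirectories (constructed for the demo)."""
    root = tempfile.mkdtemp(prefix="queue-")
    for d in DIRS:
        os.mkdir(os.path.join(root, d))
    return root

def _unlink_if_exists(path):
    try:
        os.unlink(path)
    except FileNotFoundError:
        pass

def enqueue(root, name, envelope, body, crash_after=None, early_pid_unlink=False):
    """Posted ordering: the pid file stays until todo is linked.  crash_after=<step>
    aborts right after that step.  early_pid_unlink=True drops the pid file before
    mess is written, the ordering the thread complains about.  `name` is assumed
    unique to the pid and host, as the post guarantees."""
    pid, mess, intd, todo = (os.path.join(root, d, name) for d in DIRS)
    def step(label):
        if crash_after == label:
            raise SimulatedCrash(label)
    if os.path.exists(pid):          # in-progress flag left by a killed run,
        _unlink_if_exists(mess)      # so its mess file is junk: remove it
    _unlink_if_exists(intd)          # a leftover intd is junk either way
    open(pid, "w").close()           # raise the in-progress flag
    if early_pid_unlink:
        os.unlink(pid)               # old order: flag gone before mess is written
    with open(mess, "x") as f:       # create and write mess ...
        f.write(body)
    step("mess")
    with open(intd, "x") as f:       # ... and intd
        f.write(envelope)
    os.link(intd, todo)              # the message is now queued
    step("todo")
    if not early_pid_unlink:
        os.unlink(pid)               # errors up to here are fatal
    _unlink_if_exists(intd)          # intd is junk once todo links it

def state(root, name):
    """Which of pid/mess/intd/todo currently hold this name."""
    return {d for d in DIRS if os.path.exists(os.path.join(root, d, name))}
```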
