Mate Wierdl ([EMAIL PROTECTED]) wrote:
: Is not it too easy to do stupid stuff like
: cat some huge files | qmail-queue &
This can be done with qmail-inject also, no difference there.
: In any case, is it difficult to patch qmail-queue so that it
: immediately writes the received line after invocation? Afterall, for
No it's easy but let's not get carried away with the accountability
issue, because that issue disappears if the original attack is made
impossible, and Sam has shown a sufficient solution for it.
: But I really do not understand why qmail-queue does not write first to
: a tmp file.
It does but by that time it is linked to the mess file. If the
intent is to keep junk out of mess/, it doesn't buy anything because
the linking of mess or removal of pid cannot be the last pivotal
system call, which must be link(intdfn, todofn) or else the whole
queue protocol must be changed. (I made a mistake in an earlier
post regarding this, sorry).
-harold
