On Tue, Jan 05, 1999 at 12:15:25PM +0800, [EMAIL PROTECTED] wrote:
> > | 4) Could setuid(geteuid()) but that doesn't buy very much.
> >
> > That should stop the user from killing qmail-queue, methinks.
>
> It doesn't buy much because there is still a time when uid != euid,
> and the signal can arrive then.
Doesn't matter. The queue file should be generated _after_ the setuid(),
rendering the whole problem moot :)
> > But perhaps you would normally want the user to have this capability?
> > For example when you change your mind in the middle of mailing the
> > output of a program.
>
> Not necessarily, because the user would kill the calling process,
> which is normally qmail-inject but could be his own shell.
> >
> > - Harald
>
> > Not exactly, on an RH 5.1:
> >
> > -rw-r--r-- 1 qmailq mw 0 Jan 4 07:23 179552
> > ---
> > Mate Wierdl | Dept. of Math. Sciences | University of Memphis
>
> Red Hat uses a different gid for each user, so yes you can point an
> accusing finger in that case, but not in general.
>
> I thought more about my original suggestion. It's bunk because it
> still allows the leaving behind of a junk mess file.
>
> Here's another. The pid file serves as an in-progress flag.
> Guarantee:pid files have names unique to their pid (and host).
> If a pid file exists, it's obviously junk: attempt to unlink mess.
> If intd exists, it's obviously junk: unlink intd.
> Create and write intd and mess.
> Link todo to intd.
> Unlink pid.
> (Until here, errors are fatal)
> Unlink intd.
I think a pid based system would be best too.
Greetz, Peter.
--
<squeezer> AND I AM GONNA KILL MIKE | Peter van Dijk
<squeezer> hardbeat, als je nog nuchter bent: | [EMAIL PROTECTED]
<squeezer> @date = localtime(time); | realtime security d00d
<squeezer> $date[5] += 2000 if ($date[5] < 37); |
<squeezer> $date[5] += 1900 if ($date[5] < 99); | -x- available -x-
