Sam [mailto:[EMAIL PROTECTED]] wrote:
> Russ Allbery writes:
> > Doesn't Postfix also behave in the same way?  Seems to me that pretty much
> > any MTA whose port 25 listener is running unprivileged is going to have
> > the same problem
>
> getpwnam() will tell you if a userid is valid, or not, no matter what
> userid you're running as.
>
> >                  unless you want to periodically build a database of valid
> > addresses or require that all information necessary to determine whether a
> > given address is valid be world-readable on the system.
>
> Well, it is: /etc/passwd is world readable.
>
> Now, for Qmail, there's also an issue of dot-qmail files.  Well, let's say
> that I've been there and done that, and brought back pictures.  These kinds
> of things are very much possible.
>
> At the very least, you can attempt to stat the .qmail file, and return an
> invalid user if it fails with ENOENT.  You can differentiate between that,
> and EPERM, which you'll get if the home directory is not globally
> executable.

Sam proposed a way to deal with checking to see if a userid is valid or not and
possibly checking for their .qmail file. But how would one deal with:

virtual domains
~alias/.qmail-default -> fastforward database
~virtualdomainuser/.qmail-default -> fastforward database

You can just do some "simple checking".. there's too much complexity in the way
that qmail handles the mail. Yes, you could toss all of this functionality into
qmail-smtpd, but then you break down the beautiful boundaries between the
different handler programs.

The mail.com people have to figure out that they are using an idiot test.
Warping qmail into meeting this test would not be possible without destroying
qmail, IMO.

 - David Harris
   Principal Engineer, DRH Internet Services
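
The check Sam describes in the quoted text, written out as an added example (not code from this thread or from qmail): look the account up with getpwnam(), then stat() the dot-qmail file and reject only on ENOENT. It covers local user-ext addresses only; the function names, the three-way result and the `.qmail-default` fallback are assumptions of this sketch, and the virtual-domain and fastforward cases David lists are not handled.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

enum rcpt { RCPT_VALID, RCPT_INVALID, RCPT_UNKNOWN };

/* stat() one candidate file. ENOENT means it is definitely absent; any other
 * failure (e.g. EACCES on a non-searchable home directory) means the
 * unprivileged caller cannot tell and must not reject. */
static enum rcpt probe(const char *home, const char *name)
{
    char path[4096];
    struct stat st;

    if (snprintf(path, sizeof path, "%s/%s", home, name) >= (int)sizeof path)
        return RCPT_UNKNOWN;
    if (stat(path, &st) == 0)
        return RCPT_VALID;
    return errno == ENOENT ? RCPT_INVALID : RCPT_UNKNOWN;
}

/* user-ext: look for home/.qmail-ext, then fall back to home/.qmail-default. */
enum rcpt check_dotqmail(const char *home, const char *ext)
{
    char name[512];
    enum rcpt r;

    if (*ext == '\0')
        return RCPT_VALID;      /* bare "user": the account itself suffices */
    if (strchr(ext, '/') != NULL)
        return RCPT_INVALID;    /* ext must never escape the home directory */
    if (snprintf(name, sizeof name, ".qmail-%s", ext) >= (int)sizeof name)
        return RCPT_INVALID;
    r = probe(home, name);
    return r == RCPT_INVALID ? probe(home, ".qmail-default") : r;
}

/* getpwnam() needs no privilege; "not found" shows up as NULL with errno
 * 0, ENOENT or ESRCH depending on the libc, anything else is a lookup error. */
enum rcpt check_rcpt(const char *user, const char *ext)
{
    struct passwd *pw;

    errno = 0;
    pw = getpwnam(user);
    if (pw == NULL)
        return (errno == 0 || errno == ENOENT || errno == ESRCH)
                   ? RCPT_INVALID : RCPT_UNKNOWN;
    return check_dotqmail(pw->pw_dir, ext);
}
```

An SMTP listener using this would refuse the recipient only on RCPT_INVALID and accept on RCPT_UNKNOWN, leaving the final decision to local delivery.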
