On Fri, 10 Mar 2000 14:42:15 -0600, Fred Lindberg wrote:
> fd = open_write(fn.s);
> if (fd == -1) break;
> if (fstat(fd,&st) == -1) { close(fd); break; }
> if (seek_set(fd,pos) == -1) { close(fd); break; }
Ok, I get it. qmail-send doesn't trust qmailq. Without the fstat()
call, qmailq could (via symlink) cause qmail-send (root) to write to an
arbitrary location. fstat() should be faster and more portable than
temporarily dropping privileges(?).
-Sincerely, Fred
(Frederik Lindberg, Infectious Diseases, WashU, St. Louis, MO, USA)
