> Has this been a problem for anyone in practice?  It appears to
> constitute a security problem that a single local user can shut down
> all local mail delivery indefinitely.

        In theory, you are correct, although this is a Denial-Of-Service
attack rather than a strict security breach.

        In practice, a local user has many other avenues of attack similar
to this, and for all of them the fix is quite simply to throw the user off
the system.  If you run a system with users you worry about, you can (IIRC)
use /var/qmail/users/assign to disallow them from using their .qmail file.

        Consider instead a user who puts a stupid filter in his .qmail that
will execute commands listed in an email with COMMAND as the subject line.
NOW you have a real security hole.

-- 
        gowen -- Greg Owen -- [EMAIL PROTECTED]
              SoftLock.com is now DigitalGoods!
