Greg Owen wrote:

> Consider instead a user who puts a stupid filter in his .qmail that
> will execute commands listed in an email with COMMAND as the subject line.
> NOW you have a real security hole.

...which is why .qmail commands are executed as the user, instead of as root
or as one of the qmail users.  Assuming you don't have any other local
holes, the worst that user can do is machine gun himself in the foot, and he
doesn't need qmail to do that!

---Kris
