CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2015/10/09 08:37:38
Modified files:
usr.sbin/smtpd : enqueue.c queue_backend.c smtpctl.c
smtpd-defines.h smtpd.h
usr.sbin/smtpd/smtpctl: Makefile
Log message:
turn our local enqueuer setgid _smtpq and restrict access to offline queue,
the enqueuer will revoke group and regain real gid right after mkstemp.
this would have prevented the symlink/hardlink attacks against offline, and
it will avoid having to deal with new ways users can mess with it.
ok eric@, ok millert@
