On Wednesday 14 June 2006 12:44, Manuzhai wrote:
> > try
> > strace vadddomain ochtman.nl test
> >
> > and let us know what output you get
> Right; sorry, I'm not so well versed in C development.

strace is useful for a lot more than just C development ;)

> Since the output is quite big, I put it online:

I love this guy!

I'm not sure what the issue is, but I did notice a few things that might need 
to be addressed:
open("/var/qmail/users/assign.14726", O_RDWR|O_CREAT|O_TRUNC, 0666) = 6

it's opening the new file with mode 666?  Hopefully nobody guesses the 
filename, which appears to be based on the pid.  This could allow local users 
to steal mail from arbitrary local domains/users.

open("/var/qmail/users/assign", O_RDWR) = 7
it's opening users/assign as read-write?  IMO, this should be read only, to 
protect the users/assign file in case something happens to the vadddomain 
process.  Unless there's some reason I don't know about for opening it 
read-write, in which case, please beat me over the head with it :)


Jeremy Kitchen ++ [EMAIL PROTECTED]

http://www.pirate-party.us/ -- defend your rights

Attachment: pgpXRb5GeThDq.pgp
Description: PGP signature

Reply via email to