On Mon, Apr 08, 2002 at 11:41:44AM -0700, Michael Smith wrote: +> You could also use this technique to maliciously exhaust a user's quota, +> by linking to their temporary files. I'm not sure what the standards +> have to say about this, but I don't much like the current behaviour. +> Yes. And look on this part of foldinfo.c from procmail:
{ if(stbuf.st_uid!=uid|| /* recipient not owner */
!(stbuf.st_mode&S_IWUSR)|| /* recipient can write? */
S_ISLNK(stbuf.st_mode)|| /* no symbolic links */
(S_ISDIR(stbuf.st_mode)? /* directories, yes, hardlinks */
!(stbuf.st_mode&S_IXUSR):stbuf.st_nlink!=1)) /* no */
/*
* If another procmail is about to create the new
* mailbox, and has just made the link, st_nlink==2
*/
As You can see, this is not good idea to use procmail when anyone can made
a hardlink to my mailbox.
--
Paweł Jakub Dawidek
Network Administrator.
Am I Evil? Yes, I Am.
msg33416/pgp00000.pgp
Description: PGP signature
