On Mon, Apr 08, 2002 at 11:41:44AM -0700, Michael Smith wrote: +> You could also use this technique to maliciously exhaust a user's quota, +> by linking to their temporary files. I'm not sure what the standards +> have to say about this, but I don't much like the current behaviour. +> Yes. And look on this part of foldinfo.c from procmail:
{ if(stbuf.st_uid!=uid|| /* recipient not owner */ !(stbuf.st_mode&S_IWUSR)|| /* recipient can write? */ S_ISLNK(stbuf.st_mode)|| /* no symbolic links */ (S_ISDIR(stbuf.st_mode)? /* directories, yes, hardlinks */ !(stbuf.st_mode&S_IXUSR):stbuf.st_nlink!=1)) /* no */ /* * If another procmail is about to create the new * mailbox, and has just made the link, st_nlink==2 */ As You can see, this is not good idea to use procmail when anyone can made a hardlink to my mailbox. -- Paweł Jakub Dawidek Network Administrator. Am I Evil? Yes, I Am.
msg33416/pgp00000.pgp
Description: PGP signature