> But does qmail-queue have to be executable by o? If a user cannot
> execute qmail-queue directly, the identification problem disappear,
> does not it?
That would require qmail-inject and qmail-smtpd, among others, to be suid
or sgid to some uid/gid that will allow them to execute qmail-queue.
That would be Wrong(tm).
So what could happen if qmail-inject is sgid qmail?
If this is wrong, then qmail-queue should just immediately write the
invoking uid in the received line.
It still would not prevent a DoS, like
while true; do
qmail-queue&
killall qmail-queue
done
but at least invoking uid identification is possible.
Mate
- Re: Fw: Anonymous Qmail Denial of Servic... Mate Wierdl
- Re: Fw: Anonymous Qmail Denial of Se... Stefaan A Eeckels
- Re: Fw: Anonymous Qmail Denial o... Peter van Dijk
- Re: Fw: Anonymous Qmail Den... Stefaan A Eeckels
- Re: Fw: Anonymous Qmail Denial o... Russ Allbery
- Re: Fw: Anonymous Qmail Den... Stefaan A Eeckels
- Re: Fw: Anonymous Qmail...
- Re: Fw: Anonymous Qmail... Peter van Dijk
- Re: Fw: Anonymous Qmail Denial of Service Mate Wierdl
- Re: Fw: Anonymous Qmail Denial of Service Peter van Dijk
- Re: Anonymous Qmail Denial of Service Mate Wierdl
- Re: Anonymous Qmail Denial of Service Janos Farkas
- Re: Fw: Anonymous Qmail Denial of Service Mate Wierdl
- Re: Fw: Anonymous Qmail Denial of Service D. J. Bernstein
- Re: Fw: Anonymous Qmail Denial of Service Mark Delany
- Re: Fw: Anonymous Qmail Denial of Service johnjohn
- Re: Fw: Anonymous Qmail Denial of Servic... Peter van Dijk
- Re: Anonymous Qmail Denial of Service Fred Lindberg
- Re: Anonymous Qmail Denial of Service Adam D. McKenna
- Re: Anonymous Qmail Denial of Service Harald Hanche-Olsen
- Re: Anonymous Qmail Denial of Service Janos Farkas
