> But does qmail-queue have to be executable by o? If a user cannot > execute qmail-queue directly, the identification problem disappear, > does not it? That would require qmail-inject and qmail-smtpd, among others, to be suid or sgid to some uid/gid that will allow them to execute qmail-queue. That would be Wrong(tm). So what could happen if qmail-inject is sgid qmail? If this is wrong, then qmail-queue should just immediately write the invoking uid in the received line. It still would not prevent a DoS, like while true; do qmail-queue& killall qmail-queue done but at least invoking uid identification is possible. Mate
- Re: Fw: Anonymous Qmail Denial of Servic... Mate Wierdl
- Re: Fw: Anonymous Qmail Denial of Se... Stefaan A Eeckels
- Re: Fw: Anonymous Qmail Denial o... Peter van Dijk
- Re: Fw: Anonymous Qmail Den... Stefaan A Eeckels
- Re: Fw: Anonymous Qmail Denial o... Russ Allbery
- Re: Fw: Anonymous Qmail Den... Stefaan A Eeckels
- Re: Fw: Anonymous Qmail...
- Re: Fw: Anonymous Qmail... Peter van Dijk
- Re: Fw: Anonymous Qmail Denial of Service Mate Wierdl
- Re: Fw: Anonymous Qmail Denial of Service Peter van Dijk
- Re: Anonymous Qmail Denial of Service Mate Wierdl
- Re: Anonymous Qmail Denial of Service Janos Farkas
- Re: Fw: Anonymous Qmail Denial of Service Mate Wierdl
- Re: Fw: Anonymous Qmail Denial of Service D. J. Bernstein
- Re: Fw: Anonymous Qmail Denial of Service Mark Delany
- Re: Fw: Anonymous Qmail Denial of Service johnjohn
- Re: Fw: Anonymous Qmail Denial of Servic... Peter van Dijk
- Re: Anonymous Qmail Denial of Service Fred Lindberg
- Re: Anonymous Qmail Denial of Service Adam D. McKenna
- Re: Anonymous Qmail Denial of Service Harald Hanche-Olsen
- Re: Anonymous Qmail Denial of Service Janos Farkas