On 1999-01-04 at 12:12:27, Mate Wierdl wrote: > That would require qmail-inject and qmail-smtpd, among others, to be suid > or sgid to some uid/gid that will allow them to execute qmail-queue. > That would be Wrong(tm). > > So what could happen if qmail-inject is sgid qmail? ... > but at least invoking uid identification is possible. [A long boring thread, but..] And of course then quota on /var can be used to limit the damage a user can do to mail submission down to what is negligible. Something still tells me it's not really a lot less quirky, but sgid actually has the above two advantages (identification/quota). That is, if I did not lose any braincells during the holidays which related to this knowledge :) -- Janos - Don't worry, my address is real. I'm just bored of spam.
- Re: Fw: Anonymous Qmail Denial of Se... Stefaan A Eeckels
- Re: Fw: Anonymous Qmail Denial o... Peter van Dijk
- Re: Fw: Anonymous Qmail Den... Stefaan A Eeckels
- Re: Fw: Anonymous Qmail Denial o... Russ Allbery
- Re: Fw: Anonymous Qmail Den... Stefaan A Eeckels
- Re: Fw: Anonymous Qmail...
- Re: Fw: Anonymous Qmail... Peter van Dijk
- Re: Fw: Anonymous Qmail Denial of Service Mate Wierdl
- Re: Fw: Anonymous Qmail Denial of Service Peter van Dijk
- Re: Fw: Anonymous Qmail Denial of Service Mate Wierdl
- Re: Fw: Anonymous Qmail Denial o... Janos Farkas
- Re: Fw: Anonymous Qmail Denial of Service Mate Wierdl
- Re: Fw: Anonymous Qmail Denial of Service D. J. Bernstein
- Re: Fw: Anonymous Qmail Denial of Service Mark Delany
- Re: Fw: Anonymous Qmail Denial of Service johnjohn
- Re: Fw: Anonymous Qmail Denial of Servic... Peter van Dijk
- Re: Anonymous Qmail Denial of Service Fred Lindberg
- Re: Anonymous Qmail Denial of Service Adam D. McKenna
- Re: Anonymous Qmail Denial of Service Harald Hanche-Olsen
- Re: Anonymous Qmail Denial of Service Janos Farkas
- dnsfq Seek3r