On 4 Jan 99 at 22:25, Harald Hanche-Olsen wrote:

> - "Adam D. McKenna" <[EMAIL PROTECTED]>:
>
> | Maybe I'm a retard, but I fail to see what benefits setuid has over
> | setgid in this case.  If a user is able to exploit either of these
> | conditions, then he can read or delete mail from the queue.  So why
> | would it make sense to use setuid instead of setgid in this
> | particular scenario?  (besides the fact that that's the way djb
> | programmed it)
>
> Well, if you study the permissions in the queue directory carefully,
> you will see that he was quite selective about which program has
> access to what directory: Basically, each program in the qmail suite
> has just the access it needs to do its job.  At the very least, making
> qmail-queue setgid rather than setuid would require reworking all
> those permissions.  (I am too tired and stressed out right now to
> check if it is even possible.)

Also, as was written before, you may notice that a change from setuid to
setgid retains user ownership of the file. So it is possible to track who
created the file, and who attempted a DoS.

Am I right?

Regards,
Andrzej Kukula
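
The ownership point raised in the message above, worked through as an added example (not part of the original post and not qmail's code): it models which uid and gid a newly created queue file carries when the writing program is setuid versus setgid. All numeric ids, modes and names are constructed, and Linux/SysV group-assignment rules are assumed.

```python
import stat
from typing import NamedTuple


class Identity(NamedTuple):
    uid: int
    gid: int


def effective_identity(bin_mode, bin_uid, bin_gid, real):
    """Effective ids right after exec() of a binary with the given mode/owner.

    setuid replaces only the effective uid, setgid only the effective gid;
    the other id stays that of the invoking user.
    """
    euid = bin_uid if bin_mode & stat.S_ISUID else real.uid
    egid = bin_gid if bin_mode & stat.S_ISGID else real.gid
    return Identity(euid, egid)


def created_file_owner(eff, dir_mode, dir_gid):
    """Owner of a file the process creates in a directory.

    Owner is always the effective uid. Group is the effective gid unless
    the parent directory has its setgid bit set (Linux/SysV behaviour;
    BSD systems always inherit the directory's group).
    """
    gid = dir_gid if dir_mode & stat.S_ISGID else eff.gid
    return Identity(eff.uid, gid)


# Constructed values: a dedicated queue account/group and one local user.
QUEUE_UID, QUEUE_GID = 900, 901
LOCAL_USER = Identity(1000, 1000)
QUEUE_DIR_MODE = stat.S_IFDIR | 0o770  # hypothetical queue directory mode


def queue_file_owner(bin_mode):
    """Owner of a queue file written by LOCAL_USER through the binary."""
    eff = effective_identity(bin_mode, QUEUE_UID, QUEUE_GID, LOCAL_USER)
    return created_file_owner(eff, QUEUE_DIR_MODE, QUEUE_GID)


if __name__ == "__main__":
    for label, perms in (("setuid", 0o4711), ("setgid", 0o2711)):
        owner = queue_file_owner(stat.S_IFREG | perms)
        traceable = owner.uid == LOCAL_USER.uid
        print(f"{label}: file owned by {owner}, submitter visible in st_uid: {traceable}")
```

With the setuid binary every queue file shows the queue account as owner, so the submitter has to be recorded some other way; with the setgid binary the file's `st_uid` is the invoking user.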
