On Fri, Nov 17, 2000 at 12:09:15AM +0100, Felix von Leitner wrote:
> Thus spake Mate Wierdl ([EMAIL PROTECTED]):
> > My question is why is it not better for qmail-queue to *immediately* write
> > the "received" line identifying the user?
>
> Then the attacker could still kill qmail-queue.

Indeed, but there is (IMO) a big difference. If you do

    qmail-queue &
    kill $!

you get an empty file with no user identification:

    # ls -l /var/qmail/queue/mess/17
    total 0
    -rw-r--r-- 1 qmailq users 0 Nov 17 13:22 112303

But if you do

    echo| qmail-queue

you get

    # cat /var/qmail/queue/mess/7/112293
    Received: (qmail 23027 invoked by uid 500); 17 Nov 2000 21:15:28 -0000

so the UID of the user shows up, making it possible to identify the
attacker.
>
> Mate, you have posted dozens of dumb emails to the mailing list.
> You raise issues that you don't understand and waste everybody's time
> with this.

Indeed, I still do not understand why qmail-queue does not immediately
write the received line upon startup if it helps to deal with this
attack. Of course, if I was not this dumb, I'd go read the code, and
convince myself that modifying qmail-queue this way is not feasible.
All the happy nondumbs out there already know the secret, and they
enable ps accounting on all their qmail boxes with a smile on their
face.
Mate
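
The difference described in the message above, checked across a whole queue, as an added example that is not part of the original message or of qmail: the script classifies each file under a mess directory as unattributable (zero length) or as stamped with the invoking uid. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a qmail-style queue/mess tree.

# audit_mess DIR: print one line per message file under DIR:
#   ANON <path>      zero-length file, no Received line was ever written
#   UID <n> <path>   first line is a qmail-queue "invoked by uid <n>" stamp
#   OTHER <path>     non-empty, but the first line is not such a stamp
audit_mess() {
    find "$1" -type f | sort | while IFS= read -r f; do
        if [ ! -s "$f" ]; then
            echo "ANON $f"
            continue
        fi
        uid=$(sed -n '1s/^Received: (qmail [0-9][0-9]* invoked by uid \([0-9][0-9]*\)).*/\1/p' "$f")
        if [ -n "$uid" ]; then
            echo "UID $uid $f"
        else
            echo "OTHER $f"
        fi
    done
}

# summarize DIR: number of unattributable files, then message count per uid.
summarize() {
    audit_mess "$1" | awk '
        $1 == "ANON" { anon++ }
        $1 == "UID"  { per[$2]++ }
        END {
            printf "anonymous=%d\n", anon
            for (u in per) printf "uid=%s count=%d\n", u, per[u]
        }' | sort
}

# make_sample: build a constructed tree mirroring the two listings above
# and print its path.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/17" "$d/7"
    : > "$d/17/112303"
    printf '%s\n\n' 'Received: (qmail 23027 invoked by uid 500); 17 Nov 2000 21:15:28 -0000' \
        > "$d/7/112293"
    echo "$d"
}

# Usage: sh audit.sh /var/qmail/queue/mess
if [ $# -gt 0 ] && [ -d "$1" ]; then summarize "$1"; fi
```

A rising `anonymous=` count with no matching uid lines is the case the message describes, where the queue files alone cannot identify who invoked qmail-queue.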