On Wednesday 14 June 2006 12:44, Manuzhai wrote: > > try > > strace vadddomain ochtman.nl test > > > > and let us know what output you get > > Right; sorry, I'm not so well versed in C development.
strace is useful for a lot more than just C development ;)
> Since the output is quite big, I put it online:
I love this guy!
I'm not sure what the issue is, but I did notice a few things that might need
to be addressed:
open("/var/qmail/users/assign.14726", O_RDWR|O_CREAT|O_TRUNC, 0666) = 6
it's opening the new file with mode 666? Hopefully nobody guesses the
filename, which appears to be based on the pid. This could allow local users
to steal mail from arbitrary local domains/users.
open("/var/qmail/users/assign", O_RDWR) = 7
it's opening users/assign as read-write? IMO, this should be read only, to
protect the users/assign file in case something happens to the vadddomain
process. Unless there's some reason I don't know about for opening it
read-write, in which case, please beat me over the head with it :)
-Jeremy
--
Jeremy Kitchen ++ [EMAIL PROTECTED]
http://www.pirate-party.us/ -- defend your rights
pgpXRb5GeThDq.pgp
Description: PGP signature
