For anyone planning to write new code using /var/spool/mail or /tmp:
http://www.netspace.org/lsv-archive/bugtraq.html contains many examples
of insecure code produced by programmers who thought, incorrectly, that
they understood how to use world-writable directories.
> it is not at all difficult to set the permissions on /var/spool/mail
> correctly, and it is trivial to make adduser (or whatever other user
> creation procedure you use) run "touch /var/spool/mail/USER ; chown
> USER.mail /var/spool/mail/user"
Sorry, but the real world doesn't work that way. Most MUAs---including,
for example, every MUA that does dot-locking---need mailboxes in a
writable directory. That means either
* a world-writable directory, which has historically been a disaster,
and which continues to cause security problems in new MUAs; or
* a group-mail-writable directory, with MUAs all setgid mail, which
has historically been a disaster, and which continues to cause
security problems in new MUAs; or
* a user-owned directory, which is trivial to handle safely.
Notably absent from your commentary has been any explanation of the
_disadvantages_ of putting mail in a user-owned directory. Yes, of
course there are transition costs, which is why people can continue to
use /var/spool/mail with qmail until they're comfortable switching.
> your NFS-based arguments against /var/spool/mail
Once again: My discussion of /var/spool/mail has nothing to do with NFS.
> > (Big ISPs have another problem with /var/spool/mail: on most systems,
> > reading a large directory takes a long time.)
> which is an argument against maildir, is it not?
No. The scaling problems with /var/spool/mail are both quantitatively
and qualitatively much more severe. (Note that maildir is designed only
for reliable handling of incoming messages, not for long-term storage.)
> maildir may have some advantages in an NFS environment,
As I already explained, maildir has advantages in any environment.
> what's the point of having your mail in this great new format if you
> cant find a mail reader which can use it?
It is an _option_. Right now it's supported by qmail-pop3d and mutt and
a patched version of pine; as more readers support it, more users will
be able to switch to it. That's called ``progress,'' not ``problem.''
> > Change ./Mailbox to '|preline procmail' in the qmail-start invocation.
> why isn't this in the FAQ?
It's discussed in the INSTALL files for 1.02.
See, some users _ask questions_ and _suggest improvements_ rather than
spewing misinformation all over the net.
> what about relaying TO particular host/domain names?
Add the domain names to rcpthosts.
---Dan
Put an end to fake mailing list subscriptions. http://pobox.com/~djb/ezmlm.html
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] .
Trouble? e-mail to [EMAIL PROTECTED] .
