Charles Cazabon <[EMAIL PROTECTED]> writes:
> skyper <[EMAIL PROTECTED]> wrote:
> > hu ? You mean allowing any local user to cat /dev/zero >trigger
> > is the better idea ? Giving non-trusted processes write access
> > to a pipe of a daemon (running with root-privilieges) is never
> > a good idea tought.
>
> That's the way it's designed. The author put a lot of thought into this,
> and there has never been a security hole in qmail. Look at the code
> yourself; it's safe.
Not to mention that the permissions on the directory
/var/qmail/queue/lock (and /var/qmail/queue) prevent anyone not in the
qmail group from accessing it anyway.
(Students of Unix variations will also know that Solaris and some
other OSs don't correctly enforce permissions on the named pipe itself
anyway.)
James.
