Date: Wed, 9 Aug 2000 20:04:12 +0200 From: Gerhard Sittig <Gerhard.Sittig@gmx.net> To: FreeBSD-SECURITY <freebsd-security@freebsd.org> Subject: Re: pine 4.21 port issues? Message-ID: <20000809200412.O261@speedy.gsinet> In-Reply-To: <Pine.BSF.4.21.0008081520200.95410-100000@epsilon.lucida.qc.ca>; from matt@ARPA.MAIL.NET on Tue, Aug 08, 2000 at 03:25:27PM -0400 References: <20000808201626.I261@speedy.gsinet> <Pine.BSF.4.21.0008081520200.95410-100000@epsilon.lucida.qc.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Aug 08, 2000 at 15:25 -0400, Matt Heckaman wrote:
> On Tue, 8 Aug 2000, Gerhard Sittig wrote:
> ...
> : Question: How does Pine (or C-Client in this scenario) modify
> : the mailbox and how does it lock against the MTA delivering into
> : the box?
>
> I do not know.
Neither did I. Garret Wollman corrected my public demonstration
of ignorance ... :)
> ...
> : For locking and for modifications to the inbox via copies and
> : renaming (or for creating new inboxes upon first invocation) you
> : need write access to the spool dir. How do you do that with
> : root.mail and 0775? Do you run your MUAs setgid mail? That's
> : what I would _not_ prefer. :)
>
> Negative, I do *not* run pine setgid mail. I do know that even
> without write access to the spool pine knows and appropriately
> bails when you start two copies of it.
I took from previous messages that the lock against running
multiple MUA instances is located "anywhere" a user can write to
(and thus depends on the MUA, but shouldn't be a problem). What
I did never like about pine is that the latter(!) instance "wins"
and voids any changes you might have done with the first one.
But I guess (I'm almost sure) this doesn't belong here.
> When you get new mail with pine open, it simply updates the
> list saying you have new mail. It would seem to me that it just
> keeps scanning the mail spool file and loading it. Though I do
> not know any of the actual details.
Since I had no biff running ever, the new mail check has to be
done by some kind of stat(2) function on the mailbox file (or
directory when it comes to Maildir, and I've seen mutt giving
false alarms in this). Delivery and user programs defend against
each other by locking the mailbox file when trying to write to
it, I guess.
What I still didn't get yet (since I didn't expect it to be this
way) is that mailfolder modification is done "in place". But
this is not a security problem either.
virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000809200412.O261>