From owner-freebsd-hackers  Mon Apr  8 14:41: 8 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from milla.33net.fdns.net (milla.33net.fdns.net [217.197.166.58])
	by hub.freebsd.org (Postfix) with ESMTP id E324D37B434
	for <freebsd-hackers@FreeBSD.org>; Mon,  8 Apr 2002 14:40:36 -0700 (PDT)
Received: (from nick@localhost)
	by milla.33net.fdns.net (8.11.6/8.11.6) id g38Lfb908843
	for freebsd-hackers@FreeBSD.org; Mon, 8 Apr 2002 23:41:37 +0200 (CEST)
	(envelope-from nick)
Date: Mon, 8 Apr 2002 23:41:37 +0200
From: =?ISO-8859-2?Q?Pawe=B3_Jakub_Dawidek?= <nick@garage.freebsd.pl>
To: freebsd-hackers@FreeBSD.org
Subject: Re: Hardlinks...
Message-ID: <20020408234137.D5952@garage.freebsd.pl>
References: <20020408113423.Y81506-100000@resnet.uoregon.edu> <200204081841.g38Ifi104580@mass.dis.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="zS7rBR6csb6tI2e1"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200204081841.g38Ifi104580@mass.dis.org>; from msmith@FreeBSD.ORG on Mon, Apr 08, 2002 at 11:41:44AM -0700
X-PGP-Key-URL: http://garage.freebsd.pl/keys/PGP.txt
X-OS: FreeBSD 4.5-STABLE i386
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG


--zS7rBR6csb6tI2e1
Content-Type: text/plain; charset=ISO-8859-2
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Apr 08, 2002 at 11:41:44AM -0700, Michael Smith wrote:
+> You could also use this technique to maliciously exhaust a user's quota,=
=20
+> by linking to their temporary files.  I'm not sure what the standards=20
+> have to say about this, but I don't much like the current behaviour.
+>=20
Yes. And look on this part of foldinfo.c from procmail:

         { if(stbuf.st_uid!=3Duid||                     /* recipient not ow=
ner */
              !(stbuf.st_mode&S_IWUSR)||             /* recipient can write=
? */
              S_ISLNK(stbuf.st_mode)||                  /* no symbolic link=
s */
              (S_ISDIR(stbuf.st_mode)?        /* directories, yes, hardlink=
s */
                !(stbuf.st_mode&S_IXUSR):stbuf.st_nlink!=3D1))           /*=
 no */
             /*
              * If another procmail is about to create the new
              * mailbox, and has just made the link, st_nlink=3D=3D2
              */

As You can see, this is not good idea to use procmail when anyone can made
a hardlink to my mailbox.

--=20
Pawe=B3 Jakub Dawidek
Network Administrator.
Am I Evil? Yes, I Am.

--zS7rBR6csb6tI2e1
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia

iQCVAwUBPLIOkT/PhmMH/Mf1AQFFNwQAnWUIkdHeYRRw4WyK70Wpf/o8T9BHhkQz
lM0pFDsNBtOrBAe+8o8xoBlJk+YwlX/J0BMzACVpKQ7QFupwR0faMbEfS3wqbpKr
Wq9/T7rLzmm9HyXT4bXI75zbngqr1nCKM9zN958FvetNfymY7XllIMjxyCiPJK2L
7nIcO5Vq5l8=
=jSdM
-----END PGP SIGNATURE-----

--zS7rBR6csb6tI2e1--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message