For anyone planning to write new code using /var/spool/mail or /tmp:
http://www.netspace.org/lsv-archive/bugtraq.html contains many examples
of insecure code produced by programmers who thought, incorrectly, that
they understood how to use world-writable directories.
> it is not at all difficult t
> the point was that his NFS argument against /var/spool/mail was
> irrelevant because home directories are often NFS mounted too
There is no ``NFS argument against /var/spool/mail.''
The fundamental problem with /var/spool/mail is security. It's not easy
to handle a world-writable directory safe
> i couldn't even get it
> to use procmail as the local delivery agent instead of qmail-local
Change ./Mailbox to '|preline procmail' in the qmail-start invocation.
> qmail might be excellent at what it does but it's incompatible with
> /var/spool/mail.
qmail can run binmail as the delivery agen
3 matches
Mail list logo
