Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!think.com!mintaka!bloom-beacon!eru!hagbard!sunic!mcsun!hp4nl!nikhefh!e07
From: e07@nikhefh.nikhef.nl (Eric Wassenaar)
Newsgroups: comp.mail.sendmail
Subject: inappropriate checks when mailing to a file
Message-ID: <1232@nikhefh.nikhef.nl>
Date: 13 May 91 21:22:24 GMT
Sender: e07@nikhef.nl (Eric Wassenaar)
Organization: Nikhef-H, Amsterdam (the Netherlands).
Lines: 24


When sending to a file, sendmail checks whether it may succeed
in module recipient() by calling writable() to see if an existing
file is writable or by calling safefile() to see if the parent
directory is writable if the file does not yet exist.
However, these tests use sendmail's current getruid(), whereas
the actual delivery to the file should be performed with the
uid/gid of the controlling address. Therefore, the tests will
fail in many cases and the mail will not be delivered.
I think these tests are premature at this moment, and should be
postponed until the actual delivery takes place in module mailfile()
which already takes care of all necessary precautions for proper
delivery. The correct uid/gid are available at that time, also
during queue runs since they have been restored by the "controlling
user" feature.
Therefore, in my opinion the writable()/safefile() tests can be
eliminated from recipient() altogether. Is this observation correct ?

Eric Wassenaar
-- 
Organization: NIKHEF-H, National Institute for Nuclear and High-Energy Physics
Address: Kruislaan 409, P.O. Box 41882, 1009 DB Amsterdam, the Netherlands
Phone: +31 20 592 0412, Home: +31 20 6909449, Telefax: +31 20 592 5155
Internet: e07@nikhef.nl