Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!mips!pacbell.com!att!linac!mp.cs.niu.edu!rickert
From: rickert@mp.cs.niu.edu (Neil Rickert)
Newsgroups: comp.mail.sendmail
Subject: Re: inappropriate checks when mailing to a file
Message-ID: <1991May14.044620.18159@mp.cs.niu.edu>
Date: 14 May 91 04:46:20 GMT
References: <1232@nikhefh.nikhef.nl>
Organization: Northern Illinois University
Lines: 27

In article <1232@nikhefh.nikhef.nl> e07@nikhefh.nikhef.nl (Eric Wassenaar) writes:
>When sending to a file, sendmail checks whether it may succeed
>in module recipient() by calling writable() to see if an existing
>file is writable or by calling safefile() to see if the parent
>...
>Therefore, in my opinion the writable()/safefile() tests can be
>eliminated from recipient() altogether. Is this observation correct ?

 You have probably rediscovered why many people prefer to use

 "|/bin/cat >> /path/to/file"
rather than
 /path/to/file

At least in recent versions of sendmail there is another option.  Simply
do:  chmod 4600 /path/to/file
and since the 'suid' bit is on, but no 'x' bit is on, sendmail uses the
uid of the file owner.

 Apart from that, you are probably right.  The tests in recipient.c are
perhaps too paranoid.

-- 
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
  Neil W. Rickert, Computer Science               <rickert@cs.niu.edu>
  Northern Illinois Univ.
  DeKalb, IL 60115                                   +1-815-753-6940