[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Problems using liblockfile.

In article <[🔎] 87k9c0i7ig.fsf@nevermore.csres.utexas.edu>,
Rob Browning <rlb@cs.utexas.edu> wrote:
>
>I'm trying to figure out maillock so that I can use it in emacs20's
>movemail, and I'm not sure I fully understand it's proper use.  First
>of all, is it a function that an ordinary user's supposed to be able
>to call to lock their mail file, or is it something that has to be
>called as root (or mail)?

Well, the lock is defined as

/var/spool/mail/USERNAME.lock

Using a lockfile that way is generally called "dotlocking" (because of the
.lock extension).

So, a normal user cannot lock his mailbox without a setuid program because
(s)he doesn't have write access to that directory. However in Debian,
/var/spool/mail is writable by group mail. A setgid mail program
would therefore be sufficient.

>(Shouldn't fetchmail, smail, sendmail, etc. be converted to
>liblockfile?  We could be losing mail otherwise, no?)

Not if they use the same locking policy. Sendmail uses an external program
to do its locking; usually that's procmail or deliver and both of them
use NFS-safe dotlocking.

Exim also does NFS safe dotlocking. Mutt is also fine.

I think pine doesn't lock the mailbox right, since it isn't setgid mail
(elm and mutt are).

>Anyway, I wrote the following simple program just to test to be sure I
>understood what was going on, and it fails when run as me with
>L_TMPLOCK where L_TMPLOCK is defined as:
>
>   #define L_TMPLOCK   2    /* Error creating tmp lockfile          */

Emacs' movemail can be run setuid can't it? Setgid mail would be enough
in this case however.

I think there should be a small utility (called `maillock' probably) that
is setgid mail and can lock and unlock a users mailbox.

Hmm, perhaps liblockfile should call this utility if it detects that it
isn't run with enough rights to do the locking itself. That would make
it possible for a normal, non-setuid or setgid application to do
safe mailbox locking. Does anybody have some thoughts on this? Perhaps
I have some time tomorrow to do a bit of preliminary work on it.

Mike.
-- 
 Miquel van Smoorenburg |  The dyslexic, agnostic, insomniac lay in his bed
    miquels@cistron.nl  |  awake all night wondering if there is a doG


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .
Reply to: