Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site uwvax.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!allegra!mit-eddie!godot!harvard!seismo!uwvax!dave
From: dave@uwvax.UUCP (Dave Cohrs)
Newsgroups: net.unix-wizards,net.bugs.4bsd
Subject: Re: Final word on sendmail dropping mail.
Message-ID: <74@uwvax.UUCP>
Date: Wed, 5-Dec-84 22:18:31 EST
Article-I.D.: uwvax.74
Posted: Wed Dec  5 22:18:31 1984
Date-Received: Sat, 8-Dec-84 05:23:40 EST
References: <63@tove.UUCP>
Distribution: net
Organization: U of Wisconsin CS Dept
Lines: 25
Xref: watmath net.unix-wizards:10817 net.bugs.4bsd:1262

> --------------------------------------------------------------------
> Repeat By:
> Crank up the load over 12 or so.  Send local mail.  Run sendmail -q
> to force delivery of queued mail.  Wait for delivery....
> 
> ----------------------------------------------------------------

	will a load of 50 do (recorded today)?

> Re: taking out the 'user' checks.

This isn't the best thing to do.  The problem here really is that
/bin/mail (as all good [grrrr] BSD programs) does a getlogin() instead
of a getpwuid(getuid()).  If this is done, the code functions fine
as is.  If these checks are taken out, *ANY USER* can send mail
and say it's from WHOMEVER THEY WANT to say it's from (Note: sites
that have implemented this 'fix' now have very insecure mail systems).
/bin/mail has enough holes in it, it doesn't need more!

-- 
(Bug?  What bug?  That's a feature!)

Dave Cohrs
...!{allegra,heurikon,ihnp4,seismo,uwm-evax}!uwvax!dave
dave@wisc-rsch.arpa