Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.2 9/18/84; site uwvax.UUCP Path: utzoo!watmath!clyde!burl!ulysses!allegra!mit-eddie!godot!harvard!seismo!uwvax!dave From: dave@uwvax.UUCP (Dave Cohrs) Newsgroups: net.unix-wizards,net.bugs.4bsd Subject: Re: Final word on sendmail dropping mail. Message-ID: <74@uwvax.UUCP> Date: Wed, 5-Dec-84 22:18:31 EST Article-I.D.: uwvax.74 Posted: Wed Dec 5 22:18:31 1984 Date-Received: Sat, 8-Dec-84 05:23:40 EST References: <63@tove.UUCP> Distribution: net Organization: U of Wisconsin CS Dept Lines: 25 Xref: watmath net.unix-wizards:10817 net.bugs.4bsd:1262 > -------------------------------------------------------------------- > Repeat By: > Crank up the load over 12 or so. Send local mail. Run sendmail -q > to force delivery of queued mail. Wait for delivery.... > > ---------------------------------------------------------------- will a load of 50 do (recorded today)? > Re: taking out the 'user' checks. This isn't the best thing to do. The problem here really is that /bin/mail (as all good [grrrr] BSD programs) does a getlogin() instead of a getpwuid(getuid()). If this is done, the code functions fine as is. If these checks are taken out, *ANY USER* can send mail and say it's from WHOMEVER THEY WANT to say it's from (Note: sites that have implemented this 'fix' now have very insecure mail systems). /bin/mail has enough holes in it, it doesn't need more! -- (Bug? What bug? That's a feature!) Dave Cohrs ...!{allegra,heurikon,ihnp4,seismo,uwm-evax}!uwvax!dave dave@wisc-rsch.arpa