Date: Sat, 05 Sep 1998 23:58:39 -0600 From: Wes Peters <wes@softweyr.com> To: Joao Carlos Mendes Luis <jonny@jonny.eng.br> Cc: lva@dds.nl, freebsd-isp@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: small LDA c program requested Message-ID: <35F2248F.87CE70FC@softweyr.com> References: <199809050426.BAA20989@roma.coe.ufrj.br>
next in thread | previous in thread | raw e-mail | index | archive | help
Joao Carlos Mendes Luis wrote:
>
> #define quoting(Wes Peters)
> // /*
> // * Create the file and prepare to write.
> // */
> // snprintf(mailbox, PATH_MAX, "/var/mail/%s/%s", domain, user);
> // if ((fd = open(mailbox, O_WRONLY | O_APPEND | O_CREAT, 0600)) < 0)
> // {
> // abort("Cannot open user mailbox \"%s\" for appending.\n", mailbox);
> // }
> //
> // /*
> // * OK, copy stdin until exhausted.
> // */
> // while ((nbytes = read(STDIN_FILENO, buffer, BUFSIZ)) > 0)
> // {
> // if (write(fd, buffer, nbytes) != nbytes)
> // {
> // abort("Error writing mailbox \"%s\".\n", mailbox);
> // }
> // }
> //
> // close(fd);
> // return 0;
>
> Shouldn't you lock the file ? O_APPEND is only good for atomic
> writes, IIRC.
You're right. A quick fix would be to open the file with O_EXLOCK
and puke if the filesystem doesn't support locking; this would rule
out NFS-mounted mailboxes.
It would be better, IMHO, to collect the entire input and write it in a
single call, but this might get expensive in terms of memory allocation.
You could do it by allocating a number of large, fixed-size buffers and
using writev for output, but what about some bonehead who mails a 40 Meg
"Word" document?
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
http://www.softweyr.com/~softweyr wes@softweyr.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?35F2248F.87CE70FC>