procmail

Re: delivery to links works??

1997-12-14 19:11:55
"David W. Tamkin" <dattier(_at_)miso(_dot_)wwa(_dot_)com> writes:
For years I have believed that procmail would not deliver to a plain folder
that already had more than one hard link, to a symlink that pointed to an
existing plain file, nor to a symlink that pointed to a nonexistent name in
a valid directory.  I assumed that the reason was potential dotlocking
conflicts.

I've found all of those to be false, even for a procmail 3.11pre7 binary that
has all kernel locking disabled.  The procmail(1) man page still says that 
those rules apply to the compiled-in setting for ORGMAIL but nothing about
other folders.

Was it ever the case?  Why was it changed?  Perhaps it is unimportant when
kernel-locking strategies are in use, but it seems essential when procmail
relies only on dotlocks.


From my reading of the source and to the best of my knowledge, those
limits have only ever been applied to the compiled-in ORGMAIL.  While I
obviously can't speak for Stephen, my guess on the reasoning behind
this is that the mailspool generally lives in a much less 'controlled'
environment than other mailboxes.  World writable spool directories and
other fun possibilities make the spool file a weak point subject to
attack, both maliciously and by other broken programs.  Indeed, UNIX
history is full of insecure /bin/mail implementations and programs
which don't lock the spool file correctly.  This demands armor-plated
handling of that file.

On the other hand, there's a balance to be made between paranoia and
power.  It can be useful for a mailbox to have multiple names.  Since
the locations of other (non-system) mailboxes are under the control of
the user writing the .procmailrc, procmail can give him or her this
ability (writing to linked files) without immediately opening holes.
A user exercising such flexibility would be well advised to be very
careful in crafting their recipes to, when locking it, refer to any
given mailbox by one chosen name of its many.

No, this isn't a totally satisfactory answer, but that'll have to await
the return of Nathan Brazil*, oops, I mean Stephen.

Philip Guenther

* "The Return of Nathan Brazil" is the title of a sci-fi novel which,
while I've never read it (though I've read a previous book in the
series of which it is part), I've always thought had a pretty catchy
title.
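
The locking point made in this message, as an added example that is not part of the original post and not procmail's code: a dotlock is keyed to the name used to reach the mailbox, so two hard-linked names for one file yield two independent locks. The function names, the `.lock` suffix constant and the temporary files are assumptions made for the illustration, and the lock here is a simplified `O_EXCL` create.

```python
import os
import stat
import tempfile

LOCKEXT = ".lock"  # assumed dotlock suffix appended to the mailbox name


def link_report(mailbox):
    """Return reasons a mailbox path is reachable by more than one name."""
    st = os.lstat(mailbox)  # lstat: examine the name itself, not its target
    if stat.S_ISLNK(st.st_mode):
        return ["symlink"]
    if st.st_nlink > 1:
        return ["%d hard links" % st.st_nlink]
    return []


def try_dotlock(mailbox):
    """Simplified dotlock: atomically create <mailbox>.lock, True if acquired."""
    try:
        fd = os.open(mailbox + LOCKEXT, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
    except FileExistsError:
        return False
    os.close(fd)
    return True


def demo():
    """Constructed scenario: one mailbox file with a second hard-linked name."""
    with tempfile.TemporaryDirectory() as d:
        inbox, alias = os.path.join(d, "inbox"), os.path.join(d, "alias")
        open(inbox, "a").close()
        os.link(inbox, alias)
        return {
            "same_file": os.path.samefile(inbox, alias),
            "report": link_report(inbox),
            "lock_via_inbox": try_dotlock(inbox),
            # Succeeds although the file is already "locked": different lock name.
            "lock_via_alias": try_dotlock(alias),
            # Only a second writer using the same name is actually excluded.
            "lock_via_inbox_again": try_dotlock(inbox),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running `link_report` over the folders named in a .procmailrc shows which ones need a single agreed lock name.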
