Why can't mail have unpost command
clive at druhi.UUCP
clive at druhi.UUCP
Tue Feb 24 18:37:48 AEST 1987
in article <1850 at cit-vax.Caltech.Edu>, trent at cit-vax.Caltech.Edu (Ray Trent) says:
[...]
> Tell me, how do you prevent someone from simply coming in and 'canceling'
> someone else's mail, reading the return copy, and resending it? That is,
> unless you want to rewrite mail to pass along a password or something.
[...]
Well, I think you certainly have a point worth looking into, Ray.
Let's consider. On a given machine, there will be only one user with a
given (usable->first in /etc/passwd) userid. And no (non-root) way to
fake one.
Also, mail headers contain this information, in the path from which the
mail came.
Further, we already have server access control, in the current way
mail works.
It seems to me then, that a simple addition to the server can
easily and securely know which pieces of mail, if any, a given
(local or remote) requester deserves to cancel.
And that no one can beat this, unless they have root (or mail)
privileges, and furthermore, on the recipient's machine.
It's late, so maybe I'm wrong. What do you think?
Clive
More information about the Comp.unix.questions
mailing list