From owner-freebsd-current Mon Oct 28 22:44:10 1996
Return-Path: owner-current
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id WAA01560 for current-outgoing; Mon, 28 Oct 1996 22:44:10 -0800 (PST)
Received: from mexico.brainstorm.eu.org (root@mexico.brainstorm.eu.org [193.56.58.253]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id WAA01554 for ; Mon, 28 Oct 1996 22:44:07 -0800 (PST)
Received: from brasil.brainstorm.eu.org (brasil.brainstorm.fr [193.56.58.33]) by mexico.brainstorm.eu.org (8.7.5/8.7.3) with ESMTP id HAA06925; Tue, 29 Oct 1996 07:43:56 +0100
Received: (from uucp@localhost) by brasil.brainstorm.eu.org (8.6.12/8.6.12) with UUCP id HAA00544; Tue, 29 Oct 1996 07:43:21 +0100
Received: (from roberto@localhost) by keltia.freenix.fr (8.8.2/keltia-uucp-2.9) id HAA05491; Tue, 29 Oct 1996 07:35:54 +0100 (MET)
Message-Id: <199610290635.HAA05491@keltia.freenix.fr>
Date: Tue, 29 Oct 1996 07:35:54 +0100
From: roberto@keltia.freenix.fr (Ollivier Robert)
To: current@FreeBSD.org
Cc: MRC@CAC.Washington.EDU (Mark Crispin)
Subject: Re: /var/mail (was: re: Help, permission problems...)
References:
X-Mailer: Mutt 0.48.1
Mime-Version: 1.0
X-Operating-System: FreeBSD 2.2-CURRENT ctm#2632
In-Reply-To: ; from Marc G. Fournier on Oct 28, 1996 17:57:52 -0500
Sender: owner-current@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

According to Marc G. Fournier:
[Mark Crispin]
> > Let's start with the easy part: the permissions (drwxr-xr-x or 0755) on
> > /var/mail are wrong. They should be (drwxrwxrwt or 01777); in other words,
> > "world write" with the "sticky bit". 0755 has always been wrong.

> The only one I didn't think of trying :(

Good. Because this is wrong. Having /var/mail 1777 opens you to various DoS
attacks.

Having it 755 enables:
- use of fcntl locking,
- use of non setgid mailer

1777 has always been wrong. It is needed if:
1- dot-locking is used,
2- you need to create the folder.

1- is not a good locking scheme IMO and 2- is not needed because the folder is
created by mail.local/procmail.

> None of the above...I ran 'make hierarchy' when I upgraded my FreeBSD
> Mail server...they seem to believe that /var/mail should be 755, it seems...
> CC'ing this to the FreeBSD Mailing list...

If imapd needs 1777 it needs to be fixed IMO.

> > Error creating /var/mail/foo.lock: Permission denied
> > then you need to discern why the user (probably "foo") gets a "Permission
> > denied" from the OS when he tries to create the file "/var/mail/foo.lock".

If one uses imapd, then one doesn't need dot locking!

> Yes, sorry...I didn't have a copy of the error message in front of
> me when I sent the email...it was meant as an approximation (a bad one it
> seems)...but it was good enough that you were able to give me the answer
> I required

Sorry, in my opinion, this is bad and broken.

-- 
Ollivier ROBERT -=- The daemon is FREE! -=- roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 2.2-CURRENT #26: Sun Oct 27 19:39:11 MET 1996
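
The difference between the two locking schemes discussed in this message, as an added example (not part of the original post, and not code from imapd, mail.local or procmail): dot-locking has to create a file in the spool directory, while fcntl locking only needs the mailbox itself. The function names and the temporary spool directory are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp() */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Dot-locking: atomically create "<mbox>.lock". This needs write permission
 * on the spool directory itself, hence the pressure towards mode 1777. */
int dot_lock(const char *mbox) {
    char lock[256];
    if (snprintf(lock, sizeof lock, "%s.lock", mbox) >= (int)sizeof lock) return -ENAMETOOLONG;
    int fd = open(lock, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -errno;
    close(fd);
    return 0;
}

/* fcntl locking: lock the mailbox file itself; the directory can stay 0755. */
int fcntl_lock(const char *mbox) {
    struct flock fl = { .l_type = F_WRLCK, .l_whence = SEEK_SET }; /* l_len 0 = whole file */
    int fd = open(mbox, O_RDWR);
    if (fd < 0) return -errno;
    if (fcntl(fd, F_SETLK, &fl) < 0) { int e = errno; close(fd); return -e; }
    return fd; /* the lock is held until this descriptor is closed */
}

/* Constructed spool: mode 0555 on a temp directory stands in for a
 * root-owned 0755 /var/mail; "foo" is a mailbox the caller owns. */
int demo(int *dot, int *fl) {
    char dir[] = "/tmp/spoolXXXXXX", mbox[64], lock[80];
    if (!mkdtemp(dir)) return -1;
    snprintf(mbox, sizeof mbox, "%s/foo", dir);
    snprintf(lock, sizeof lock, "%s.lock", mbox);
    int fd = open(mbox, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || close(fd) < 0) return -1;
    chmod(dir, 0555);
    *dot = dot_lock(mbox);   /* -EACCES unless running as root */
    *fl = fcntl_lock(mbox);  /* succeeds: no directory write needed */
    if (*fl >= 0) close(*fl);
    chmod(dir, 0755); unlink(lock); unlink(mbox); rmdir(dir); /* clean up */
    return 0;
}

int main(void) {
    int dot, fl, rc = demo(&dot, &fl);
    if (rc == 0) printf("dot-lock rc=%d, fcntl lock %s\n", dot, fl >= 0 ? "ok" : "failed");
    return rc != 0;
}
```

Run as an unprivileged user, the dot-lock attempt fails with the same "Permission denied" quoted in the thread, while the fcntl lock on the mailbox succeeds.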