From owner-freebsd-security Fri Jun 7 10:26:58 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA03827 for security-outgoing; Fri, 7 Jun 1996 10:26:58 -0700 (PDT)
Received: from precipice.shockwave.com (precipice.shockwave.com [171.69.108.33]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id KAA03820 for ; Fri, 7 Jun 1996 10:26:52 -0700 (PDT)
Received: from shockwave.com (localhost.shockwave.com [127.0.0.1]) by precipice.shockwave.com (8.7.5/8.7.3) with ESMTP id KAA01419; Fri, 7 Jun 1996 10:25:37 -0700 (PDT)
Message-Id: <199606071725.KAA01419@precipice.shockwave.com>
To: Barnacle Wes
cc: security@freebsd.org
Subject: Re: FreeBSD's /var/mail permissions
In-reply-to: Your message of "Fri, 07 Jun 1996 09:42:08 MDT." <199606071542.JAA14520@xmission.xmission.com>
Date: Fri, 07 Jun 1996 10:25:37 -0700
From: Paul Traina
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Correction:

Most MUAs do not need write access to this directory, so they are not
SUID root. They just work on the files.

  From: Barnacle Wes
  Subject: Re: FreeBSD's /var/mail permissions

  > Proposed solution:
  > I'm considering creating group "mail" and going the setgid route,
  > so that a program which creates files in /var/mail can be simply
  > setgid mail.
  >
  > This is a well understood mail directory protection mechanism
  > and employs the "principle of least privilege."

  From a security standpoint, this is a win. If it were only *one* less
  suid program, it probably wouldn't be worth bothering with, but with
  the number of MUAs on the average system these days (elm, pine, emacs,
  mh, xmh, netscape, various X mailers, etc) this is worth doing. Each
  of these can be changed from suid to sgid as someone is doing a port
  update.

  --
  Wes Peters            | Yes I am a pirate, two hundred years too late
  Softweyr              | The cannons don't thunder, there's nothing to plunder
  Consulting            | I'm an over forty victim of fate...
  softweyr@xmission.com | Jimmy Buffett
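
An audit sketch for the setgid-mail scheme discussed in this thread, added here as an example and not code from either poster or from FreeBSD: it separates set-uid root binaries from set-gid mail ones and checks a spool directory against the scheme. The gid value 6, the sample binary paths, and the assumption that the scheme means /var/mail is group mail and group-writable rather than world-writable are mine, not the thread's.

```python
import os
import stat

MAIL_GID = 6  # assumed gid of group "mail"; real systems: grp.getgrnam("mail").gr_gid


def classify_binary(mode, uid, gid, mail_gid=MAIL_GID):
    """Return the privilege a file gains at exec, from its stat fields."""
    if not stat.S_ISREG(mode):
        return "not-a-file"
    if mode & stat.S_ISUID and uid == 0:
        return "suid-root"         # runs with full root: candidate for conversion
    if mode & stat.S_ISGID and gid == mail_gid:
        return "sgid-mail"         # gains only group mail
    if mode & (stat.S_ISUID | stat.S_ISGID):
        return "other-privileged"  # set-id to some other user or group
    return "unprivileged"


def spool_dir_problems(mode, gid, mail_gid=MAIL_GID):
    """List reasons a spool directory does not fit the setgid-mail scheme."""
    problems = []
    if not stat.S_ISDIR(mode):
        problems.append("not a directory")
    if gid != mail_gid:
        problems.append("group is not mail")
    if not mode & stat.S_IWGRP:
        problems.append("not group-writable")  # sgid-mail programs could not create files
    if mode & stat.S_IWOTH:
        problems.append("world-writable")      # assumed unnecessary once group mail is used
    return problems


def audit(paths, mail_gid=MAIL_GID):
    """Classify each existing path; missing or unreadable paths are skipped."""
    report = {}
    for path in paths:
        try:
            st = os.stat(path)
        except OSError:
            continue
        report[path] = classify_binary(st.st_mode, st.st_uid, st.st_gid, mail_gid)
    return report


if __name__ == "__main__":
    # Constructed sample paths; adjust to where the MUAs live on the system.
    for path, kind in audit(["/usr/bin/elm", "/usr/local/bin/pine"]).items():
        print(f"{kind:18} {path}")
    if os.path.isdir("/var/mail"):
        st = os.stat("/var/mail")
        print("/var/mail:", spool_dir_problems(st.st_mode, st.st_gid) or "ok")
```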