From owner-freebsd-security  Fri Jun  7 14:07:31 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id OAA21389
          for security-outgoing; Fri, 7 Jun 1996 14:07:31 -0700 (PDT)
Received: from rocky.sri.MT.net (rocky.sri.MT.net [204.182.243.10])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id OAA21381
          for <security@freebsd.org>; Fri, 7 Jun 1996 14:07:27 -0700 (PDT)
Received: (from nate@localhost) by rocky.sri.MT.net (8.6.12/8.6.12) id PAA00612; Fri, 7 Jun 1996 15:07:19 -0600
Date: Fri, 7 Jun 1996 15:07:19 -0600
From: Nate Williams <nate@sri.MT.net>
Message-Id: <199606072107.PAA00612@rocky.sri.MT.net>
To: Paul Traina <pst@shockwave.com>
Cc: Nate Williams <nate@sri.MT.net>, Barnacle Wes <softweyr@xmission.com>,
        security@freebsd.org
Subject: Re: FreeBSD's /var/mail permissions 
In-Reply-To: <199606072105.OAA00533@precipice.shockwave.com>
References: <199606071948.NAA00227@rocky.sri.MT.net>
	<199606072105.OAA00533@precipice.shockwave.com>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> Mail locking, to be effective, must be soley performed through the use of
> the flock() call on the mail file itself.
> 
> Locking schemes relying on other mechanisms are not effective.

Locking schemes relying on flock() are not effective either, so that's
why most MUA's I know of use lock files.

You'll have to convince *them* that flock() is adequate, although I've
yet to be convinced as well.  'flock()' is broken on too many systems to
be considered reliable.


Nate