From owner-freebsd-security  Fri Jun  7 14:07:45 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id OAA21414
          for security-outgoing; Fri, 7 Jun 1996 14:07:45 -0700 (PDT)
Received: from precipice.shockwave.com (precipice.shockwave.com [171.69.108.33])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id OAA21408
          for <security@freebsd.org>; Fri, 7 Jun 1996 14:07:42 -0700 (PDT)
Received: from shockwave.com (localhost.shockwave.com [127.0.0.1]) by precipice.shockwave.com (8.7.5/8.7.3) with ESMTP id OAA00533; Fri, 7 Jun 1996 14:05:23 -0700 (PDT)
Message-Id: <199606072105.OAA00533@precipice.shockwave.com>
To: Nate Williams <nate@sri.MT.net>
cc: Barnacle Wes <softweyr@xmission.com>, security@freebsd.org
Subject: Re: FreeBSD's /var/mail permissions 
In-reply-to: Your message of "Fri, 07 Jun 1996 13:48:21 MDT."
             <199606071948.NAA00227@rocky.sri.MT.net> 
Date: Fri, 07 Jun 1996 14:05:23 -0700
From: Paul Traina <pst@shockwave.com>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Mail locking, to be effective, must be soley performed through the use of
the flock() call on the mail file itself.

Locking schemes relying on other mechanisms are not effective.

Sorry.


  From: Nate Williams <nate@sri.MT.net>
  Subject: Re: FreeBSD's /var/mail permissions 
  > Correction: Most MUAs do not need write access to this directory,
  > so they are not SUID root.  They just work on the files.
  
  Corretion: Actually, *most* MUA's that I'm aware of need write access to
  the directory if they plan on doing any sort of mailbox locking, which
  most decent MUA do.
  
  
  Nate