From owner-freebsd-security  Mon Aug  7 22:47:27 2000
Delivered-To: freebsd-security@freebsd.org
Received: from srh0902.urh.uiuc.edu (pp-osprey.walkup.uiuc.edu [128.174.199.2])
	by hub.freebsd.org (Postfix) with SMTP id 4AECF37B67B
	for <freebsd-security@FreeBSD.ORG>; Mon,  7 Aug 2000 22:47:22 -0700 (PDT)
	(envelope-from ftobin@uiuc.edu)
Received: (qmail 26172 invoked by uid 1000); 8 Aug 2000 05:47:20 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 8 Aug 2000 05:47:20 -0000
Date: Tue, 8 Aug 2000 00:47:20 -0500 (CDT)
From: Frank Tobin <ftobin@uiuc.edu>
X-Sender: ftobin@srh0902.urh.uiuc.edu
To: Matt Heckaman <matt@ARPA.MAIL.NET>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: pine 4.21 port issues?
In-Reply-To: <Pine.BSF.4.21.0008080127370.87221-100000@epsilon.lucida.qc.ca>
Message-ID: <Pine.BSF.4.21.0008080044370.26063-100000@srh0902.urh.uiuc.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Matt Heckaman, at 01:33 -0400 on Tue, 8 Aug 2000, wrote:

> The point is, I strictly control world writable directories on my system,
> making /var/mail world writable to satisfy pine seems a silly thing to do
> in my opinion. I run qmail on the system through procmail, and all mail
> files are owned to the user name and group, ie the files themselves are
> not group owned to mail.

Your safest course of action is actually to probably not even use
/var/mail, but rather have mailboxes directly in each user's home
directory.  Qmail supports this. (/var/qmail/doc/INSTALL.mbox)

-- 
Frank Tobin		http://www.uiuc.edu/~ftobin/




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message