From owner-freebsd-security  Thu Dec  3 16:26:11 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA21655
          for freebsd-security-outgoing; Thu, 3 Dec 1998 16:26:11 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from frmug.org (frmug-gw.frmug.org [193.56.58.252])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA21559
          for <security@FreeBSD.ORG>; Thu, 3 Dec 1998 16:26:01 -0800 (PST)
          (envelope-from roberto@keltia.freenix.fr)
Received: (from uucp@localhost)
	by frmug.org (8.9.1/frmug-2.3/nospam) with UUCP id BAA02944
	for security@FreeBSD.ORG; Fri, 4 Dec 1998 01:25:44 +0100 (CET)
	(envelope-from roberto@keltia.freenix.fr)
Received: by keltia.freenix.fr (Postfix, from userid 101)
	id CB59E14BE; Fri,  4 Dec 1998 00:44:19 +0100 (CET)
Date: Fri, 4 Dec 1998 00:44:19 +0100
From: Ollivier Robert <roberto@keltia.freenix.fr>
To: ML FreeBSD Security <security@FreeBSD.ORG>
Subject: Re: mail.local
Message-ID: <19981204004419.A8445@keltia.freenix.fr>
Mail-Followup-To: ML FreeBSD Security <security@FreeBSD.ORG>
References: <Pine.LNX.3.96.981203115141.7707B-100000@cc181716-a.hwrd1.md.home.com> <Pine.BSF.3.96.981203123334.12137A-100000@fledge.watson.org > <4.1.19981203135009.04047ea0@127.0.0.1>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.94.16i
In-Reply-To: <4.1.19981203135009.04047ea0@127.0.0.1>; from Brett Glass on Thu, Dec 03, 1998 at 01:51:48PM -0700
X-Operating-System: FreeBSD 3.0-CURRENT/ELF ctm#4856 AMD-K6 MMX @ 200 MHz
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

According to Brett Glass:
> Why not use a group permission to allow access to mailboxes only? This would
> contain the damage that could be done by subverting an suid program.

Or wait one week and install VM^H^HPostfix which doesn't need the setuid
bit at all (and of course has a lot of nice features).
-- 
Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 3.0-CURRENT #2: Sun Nov  8 01:22:20 CET 1998


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message