From owner-freebsd-security  Fri Jun  7 17:50:31 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id RAA10721
          for security-outgoing; Fri, 7 Jun 1996 17:50:31 -0700 (PDT)
Received: from xmission.xmission.com (softweyr@xmission.xmission.com [198.60.22.2])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id RAA10714
          for <security@freebsd.org>; Fri, 7 Jun 1996 17:50:27 -0700 (PDT)
Received: (from softweyr@localhost) by xmission.xmission.com (8.7.5/8.7.5) id SAA15535; Fri, 7 Jun 1996 18:50:13 -0600 (MDT)
From: Barnacle Wes <softweyr@xmission.com>
Message-Id: <199606080050.SAA15535@xmission.xmission.com>
Subject: Re: FreeBSD's /var/mail permissions
To: pst@shockwave.com (Paul Traina)
Date: Fri, 7 Jun 1996 18:50:12 -0600 (MDT)
Cc: security@freebsd.org
In-Reply-To: <199606072105.OAA00533@precipice.shockwave.com> from "Paul Traina" at Jun 7, 96 02:05:23 pm
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> Mail locking, to be effective, must be soley performed through the use of
> the flock() call on the mail file itself.
> 
> Locking schemes relying on other mechanisms are not effective.
> 
> Sorry.

Explain that to all of those people writing MUAs out there.  Or try to go
fix every one of them.  If you want to change the semantics of how
the mail spool works, you have to consider the effect it will have
on all of these (admittedly poortly written) programs.

-- 
   Wes Peters	| Yes I am a pirate, two hundred years too late
    Softweyr 	| The cannons don't thunder, there's nothing to plunder
   Consulting	| I'm an over forty victim of fate...
 softweyr@xmission.com	|				Jimmy Buffett