From owner-freebsd-current Tue May 13 01:01:30 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id BAA07991 for current-outgoing; Tue, 13 May 1997 01:01:30 -0700 (PDT) Received: from time.cdrom.com (root@time.cdrom.com [204.216.27.226]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id BAA07983 for ; Tue, 13 May 1997 01:01:25 -0700 (PDT) Received: from time.cdrom.com (jkh@localhost [127.0.0.1]) by time.cdrom.com (8.8.5/8.6.9) with ESMTP id BAA07497; Tue, 13 May 1997 01:01:26 -0700 (PDT) To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch) cc: current@FreeBSD.ORG Subject: Re: RELENG_2_2 In-reply-to: Your message of "Tue, 13 May 1997 07:18:38 +0200." <19970513071838.JT48650@uriah.heep.sax.de> Date: Tue, 13 May 1997 01:01:26 -0700 Message-ID: <7493.863510486@time.cdrom.com> From: "Jordan K. Hubbard" Sender: owner-current@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > As Satoshi Asami wrote: > > > Did we all agree that this was the way to go? My observation seems to > > be that the majority opinion was not to use group (mail)-writable > > /var/mail.... > > I also think we agreed that it was a bad idea from the beginning. > > Perhaps Thomas Roell should hire one of the consultants to fix > dtmail... But I'm still waiting for someone to explain to me how making dtmail and/or some of the other mail agents suid root is any *less* of a security hole and all exchanges to date have, rather frustratingly, gone something like this: "Look, dtmail is the *only thing* which will even use this friggin' mail group right now and so making it group writable by mail is hardly the enormous security hole that everyone makes it out to be. You'd prefer dtmail to be suid root?? What about things like popper? How come nobody is complaining about such utilities being even greater security holes?" "Those other utilities should be fixed." "Fine, but they've been broken for ages. Who's going to fix them - you?" "No, I don't have time. But somebody should fix them." "WHO, damn it? I'm not interesting in discussing "potential" here since we could discuss taht all day and still get no closer to fixing this. Tell me, what are your plans for actually addressing the core issues which brought this whole mess to a head in the first place? This problem has existed for *months* and everyone's been entirely complacent about it!" "I don't care and I'm not here to fix the problem, I simply don't like your solution to it." "Well fine. With your help and a buck, I could probably manage to buy a cup of coffee. Did you actually have any _helpful_ suggestions?" "No." But let me put it another way. We can back this change out and, at this point, I'm rather tired of the game of ping-pong which has resulted from it. However, by doing this we're going to create a fork since I *must* to have this problem solved for the FreeBSD Desktop/Pro release and if there has to be something divergent in that version of FreeBSD then diverge it will. I'm not willing to have dtmail broken in this release and Thomas Roell cannot fix this "correctly" in the time-span available to him, so the only option is for me to create a variant of 2.2.x which has this change in it. Now, I ask you frankly, which option do you think will create the least confusion? Jordan