From owner-freebsd-security  Sat Jun  8 00:50:17 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id AAA28430
          for security-outgoing; Sat, 8 Jun 1996 00:50:17 -0700 (PDT)
Received: from sovcom.kiae.su (sovcom.kiae.su [144.206.136.1])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id AAA28411
          for <security@freebsd.org>; Sat, 8 Jun 1996 00:50:14 -0700 (PDT)
Received: by sovcom.kiae.su id AA04614
  (5.65.kiae-1 ); Sat, 8 Jun 1996 10:46:10 +0300
Received: by sovcom.KIAE.su (UUMAIL/2.0); Sat,  8 Jun 96 10:46:10 +0300
Received: (from ache@localhost) by astral.msk.su (8.7.5/8.7.3) id LAA00996; Sat, 8 Jun 1996 11:39:34 +0400 (MSD)
Message-Id: <199606080739.LAA00996@astral.msk.su>
Subject: Re: FreeBSD's /var/mail permissions
To: pst@shockwave.com (Paul Traina)
Date: Sat, 8 Jun 1996 11:39:34 +0400 (MSD)
Cc: security@freebsd.org
In-Reply-To: <199606071727.KAA01470@precipice.shockwave.com> from "Paul Traina" at "Jun 7, 96 10:27:21 am"
From: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (aka Andrey A. Chernov, Black Mage) <ache@astral.msk.su>
X-Class: Fast
X-Mailer: ELM [version 2.4ME+ PL19 (25)]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> I'm confused, why do you say adduser must create new user mailbox?
> Mail.local is already suid root and adduser should deliver a preformatted
> mail message with mail.local.

bad guy: create /var/mail/user1 0666
admin: create user1
user1: receive mail from outside world
bad guy: read user1 mail

-- 
Andrey A. Chernov        : And I rest so composedly,  /Now, in my bed,
ache@astral.msk.su       : That any beholder  /Might fancy me dead -
http://dt.demos.su/~ache : Might start at beholding me,  /Thinking me dead.
RELCOM Team,FreeBSD Team :         E.A.Poe         From "For Annie" 1849