From owner-freebsd-security Sat Jun 8 00:52:45 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id AAA28923 for security-outgoing; Sat, 8 Jun 1996 00:52:45 -0700 (PDT) Received: from who.cdrom.com (who.cdrom.com [204.216.27.3]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id AAA28907 for ; Sat, 8 Jun 1996 00:52:42 -0700 (PDT) Received: from sovcom.kiae.su (sovcom.kiae.su [144.206.136.1]) by who.cdrom.com (8.6.12/8.6.11) with SMTP id AAA03002 for ; Sat, 8 Jun 1996 00:52:40 -0700 Received: by sovcom.kiae.su id AA04544 (5.65.kiae-1 ); Sat, 8 Jun 1996 10:45:56 +0300 Received: by sovcom.KIAE.su (UUMAIL/2.0); Sat, 8 Jun 96 10:45:55 +0300 Received: (from ache@localhost) by astral.msk.su (8.7.5/8.7.3) id LAA00950; Sat, 8 Jun 1996 11:32:36 +0400 (MSD) Message-Id: <199606080732.LAA00950@astral.msk.su> Subject: Re: FreeBSD's /var/mail permissions To: pantzer@ludd.luth.se (Mattias Pantzare) Date: Sat, 8 Jun 1996 11:32:35 +0400 (MSD) Cc: pst@shockwave.com, security@FreeBSD.org In-Reply-To: from "Mattias Pantzare" at "Jun 7, 96 11:22:54 pm" From: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (aka Andrey A. Chernov, Black Mage) X-Class: Fast X-Mailer: ELM [version 2.4ME+ PL19 (25)] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk > > I'm confused, why do you say adduser must create new user mailbox? > > Mail.local is already suid root and adduser should deliver a preformatted > > mail message with mail.local. > > Why should adduser send any mail to anybody? Rather silly if you ask me. Because bad guy can pre-create upcoming user mailbox with 666 permissions. -- Andrey A. Chernov : And I rest so composedly, /Now, in my bed, ache@astral.msk.su : That any beholder /Might fancy me dead - http://dt.demos.su/~ache : Might start at beholding me, /Thinking me dead. RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849