From owner-freebsd-security Sat Jun 8 03:29:34 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3)
    id DAA14161 for security-outgoing; Sat, 8 Jun 1996 03:29:34 -0700 (PDT)
Received: from irz301.inf.tu-dresden.de (irz301.inf.tu-dresden.de [141.76.1.11])
    by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id DAA14107;
    Sat, 8 Jun 1996 03:29:24 -0700 (PDT)
Received: from sax.sax.de by irz301.inf.tu-dresden.de (8.6.12/8.6.12-s1)
    with ESMTP id MAA01837; Sat, 8 Jun 1996 12:29:22 +0200
Received: (from uucp@localhost) by sax.sax.de (8.6.12/8.6.12-s1)
    with UUCP id MAA28288; Sat, 8 Jun 1996 12:29:16 +0200
Received: (from j@localhost) by uriah.heep.sax.de (8.7.5/8.6.9)
    id KAA11417; Sat, 8 Jun 1996 10:21:27 +0200 (MET DST)
From: J Wunsch
Message-Id: <199606080821.KAA11417@uriah.heep.sax.de>
Subject: Re: FreeBSD's /var/mail permissions
To: pst@shockwave.com (Paul Traina)
Date: Sat, 8 Jun 1996 10:21:27 +0200 (MET DST)
Cc: security@freebsd.org, core@freebsd.org (FreeBSD core team)
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
In-Reply-To: <199606071239.FAA19708@precipice.shockwave.com> from Paul Traina at "Jun 7, 96 05:39:22 am"
X-Phone: +49-351-2012 669
X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E
X-Mailer: ELM [version 2.4ME+ PL17 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

As Paul Traina wrote:

(No idea whether discussion did already take place, I'm not on the
security list.  I suggest keeping -core as well.)

> Proposed solution:
> I'm considering creating group "mail" and going the setgid route,
> so that a program which creates files in /var/mail can be simply
> setgid mail.
>
> This is a well understood mail directory protection mechanism
> and employs the "principle of least privilege."

I don't think so.

Unlike SysV, you cannot chown a file to a user of your will except
when being root.  So IMHO this does already mandate the programs that
create mail folders to be setuid root.  Given this, there's no sense
in using the group `mail' in addition.

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)
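
The chown restriction raised in the message above can be observed directly. The following C program is an added example, not part of the original mail or of any FreeBSD code; `create_mailbox` and `try_in_tempdir` are hypothetical names, and a scratch directory under /tmp stands in for /var/mail.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create a new mailbox at `path` and give it to `owner`.
 * Returns 0 on success, else the errno of the failing step (file removed). */
int create_mailbox(const char *path, uid_t owner)
{
    /* O_EXCL | O_NOFOLLOW: refuse existing files and planted symlinks. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return errno;
    /* The new file belongs to the caller's effective uid. Group rights
     * (e.g. setgid mail) only decided whether open() could create it. */
    int err = 0;
    if (fchown(fd, owner, (gid_t)-1) != 0) {   /* the give-away step */
        err = errno;
        unlink(path);
    }
    close(fd);
    return err;
}

/* Run create_mailbox() in a scratch directory standing in for /var/mail.
 * Returns its result, or -1 if setup or cleanup fails. */
int try_in_tempdir(uid_t owner)
{
    char dir[] = "/tmp/spoolXXXXXX", path[64];
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/newuser", dir);
    int err = create_mailbox(path, owner);
    if (err == 0 && unlink(path) != 0)
        return -1;
    /* rmdir() only succeeds if no half-made mailbox was left behind. */
    return rmdir(dir) == 0 ? err : -1;
}

int main(void)
{
    printf("chown to self:         errno %d\n", try_in_tempdir(geteuid()));
    printf("chown to another user: errno %d\n", try_in_tempdir(geteuid() + 1));
    return 0;
}
```

Run as an ordinary user, the second call fails at `fchown()` even though the file itself was created successfully; run as root, both calls succeed.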