From owner-freebsd-security Sat Jun 8 08:07:52 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id IAA27992 for security-outgoing; Sat, 8 Jun 1996 08:07:52 -0700 (PDT)
Received: from precipice.shockwave.com (precipice.shockwave.com [171.69.108.33]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id IAA27975; Sat, 8 Jun 1996 08:07:48 -0700 (PDT)
Received: from shockwave.com (localhost.shockwave.com [127.0.0.1]) by precipice.shockwave.com (8.7.5/8.7.3) with ESMTP id IAA05615; Sat, 8 Jun 1996 08:06:48 -0700 (PDT)
Message-Id: <199606081506.IAA05615@precipice.shockwave.com>
To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
cc: security@freebsd.org, core@freebsd.org (FreeBSD core team)
Subject: Re: FreeBSD's /var/mail permissions
In-reply-to: Your message of "Sat, 08 Jun 1996 10:21:27 +0200." <199606080821.KAA11417@uriah.heep.sax.de>
Date: Sat, 08 Jun 1996 08:06:48 -0700
From: Paul Traina
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Excellent point. :-(

  From: J Wunsch
  Subject: Re: FreeBSD's /var/mail permissions

  As Paul Traina wrote:

  (No idea whether discussion did already take place, I'm not on the
  security list. I suggest keeping -core as well.)

  > Proposed solution:
  > I'm considering creating group "mail" and going the setgid route,
  > so that a program which creates files in /var/mail can be simply
  > setgid mail.
  >
  > This is a well understood mail directory protection mechanism
  > and employs the "principle of least privilege."

  I don't think so. Unlike SysV, you cannot chown a file to a user of
  your will except when being root. So IMHO this does already mandate
  the programs that create mail folders to be setuid root. Given this,
  there's no sense in using the group `mail' in addition.

  --
  cheers, J"org

  joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
  Never trust an operating system you don't have sources for. ;-)
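
Added example, not part of the original thread or of FreeBSD's code: a small C probe of the chown restriction the quoted reply relies on. It creates a scratch file the way a delivery agent would create a new mailbox and then tries to hand it to another uid. The /tmp scratch path, the recipient uid (our own uid plus one) and the names probe_giveaway and struct probe are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* What happened when a scratch "mailbox" was created and given away. */
struct probe {
    uid_t creator;     /* effective uid of this process */
    uid_t owner;       /* owner the kernel assigned to the new file */
    int   chown_errno; /* 0 if the give-away worked, else errno from fchown */
};

/* Create a file as a delivery agent would create a new mailbox, then try
 * to hand it to `recipient`. Uses a scratch file under /tmp (assumption),
 * never /var/mail. Returns 0 if the probe ran, -1 if setup failed. */
int probe_giveaway(uid_t recipient, struct probe *out)
{
    char path[] = "/tmp/mbox-probe-XXXXXX";
    struct stat st;
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);                 /* keep only the open descriptor */
    if (fstat(fd, &st) < 0) {
        close(fd);
        return -1;
    }
    out->creator = geteuid();
    out->owner = st.st_uid;       /* a setgid-only agent gets its own uid here */
    out->chown_errno = (fchown(fd, recipient, (gid_t)-1) == 0) ? 0 : errno;
    close(fd);
    return 0;
}

int main(void)
{
    struct probe p;
    uid_t recipient = geteuid() + 1;   /* constructed: any uid but our own */

    if (probe_giveaway(recipient, &p) != 0)
        return 1;
    printf("euid=%lu owner=%lu fchown(uid %lu) errno=%d\n",
           (unsigned long)p.creator, (unsigned long)p.owner,
           (unsigned long)recipient, p.chown_errno);
    return 0;
}
```

Run as an ordinary user, the fchown call is refused, so a mailbox created by a program that is only setgid stays owned by whoever ran it; run as root, the call goes through.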