From owner-freebsd-security  Sat Jun  8 12:14:48 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id MAA03464
          for security-outgoing; Sat, 8 Jun 1996 12:14:48 -0700 (PDT)
Received: from zed.ludd.luth.se (root@zed.ludd.luth.se [130.240.16.33])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id MAA03459
          for <security@FreeBSD.org>; Sat, 8 Jun 1996 12:14:45 -0700 (PDT)
Received: from max.ludd.luth.se (max.ludd.luth.se [130.240.16.52]) by zed.ludd.luth.se (8.7.5/8.7.2) with ESMTP id VAA24325; Sat, 8 Jun 1996 21:14:30 +0200
Received: (pantzer@localhost) by max.ludd.luth.se (8.6.11/8.6.11) id VAA03137; Sat, 8 Jun 1996 21:13:36 +0200
Date: Sat, 8 Jun 1996 21:13:33 +0200 (MET DST)
From: Mattias Pantzare <pantzer@ludd.luth.se>
To: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= <ache@astral.msk.su>
cc: pst@shockwave.com, security@FreeBSD.org
Subject: Re: FreeBSD's /var/mail permissions
In-Reply-To: <199606080732.LAA00950@astral.msk.su>
Message-ID: <Pine.SUN.3.91.960608210807.3126A-100000@max.ludd.luth.se>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

> > Why should adduser send any mail to anybody? Rather silly if you ask me.
> 
> Because bad guy can pre-create upcoming user mailbox with 666 permissions.

Not if the adduser script creates it. To remove the option on sending a mail
to the new user fills no function.