From owner-freebsd-security Sun May 5 07:44:38 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id HAA20412 for security-outgoing; Sun, 5 May 1996 07:44:38 -0700 (PDT)
Received: from palmer.demon.co.uk (palmer.demon.co.uk [158.152.50.150]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id HAA20392 for ; Sun, 5 May 1996 07:44:29 -0700 (PDT)
Received: from palmer.demon.co.uk (localhost [127.0.0.1]) by palmer.demon.co.uk (sendmail/PALMER-1) with ESMTP id PAA07722 ; Sun, 5 May 1996 15:43:58 +0100 (BST)
To: jarekb@pap.waw.pl (Jaroslaw Bazydlo)
cc: freebsd-security@FreeBSD.ORG
From: "Gary Palmer"
Subject: Re: dot.cshrc and weird umask value
In-reply-to: Your message of "Sun, 05 May 1996 12:45:46 +0200." <199605051045.MAA16372@cergowa.waw.pl>
Date: Sun, 05 May 1996 15:43:58 +0100
Message-ID: <7720.831307438@palmer.demon.co.uk>
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Jaroslaw Bazydlo wrote in message ID
<199605051045.MAA16372@cergowa.waw.pl>:
> Can anyone tell me why on FreeBSD (the same with BSD/OS) there is the umask
> value 2 ???? This simply causes producing group writable files. Imagine the
> person who created .forward file, anyone in his group can modify this to
> reforward files or duplicate mails.

My view is that sendmail/mail.local (or whatever checks ~/.forward)
should check that the user is the only person who is able to write to
the file before accepting it as a valid .forward, the same as we do
for .rhosts.

Gary
--
Gary Palmer                          FreeBSD Core Team Member
FreeBSD - Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info.
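
The check proposed in the reply above, sketched as an added example; it is not part of the original message and is not sendmail's or mail.local's code. `check_forward_file` and the `fwd_status` values are hypothetical names, and the function assumes the caller already knows the uid of the mailbox owner.

```c
/* Added example: accept a ~/.forward-style file only if its owner alone can write it. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum fwd_status { FWD_OK, FWD_OPEN_FAILED, FWD_NOT_REGULAR,
                  FWD_WRONG_OWNER, FWD_WRITABLE_BY_OTHERS };

/* Hypothetical helper. owner = uid of the account whose mail would be redirected. */
enum fwd_status check_forward_file(const char *path, uid_t owner)
{
    struct stat st;
    enum fwd_status rc = FWD_OK;

    /* O_NOFOLLOW refuses a symlink as the final component; O_NONBLOCK keeps
       a FIFO from hanging the open. fstat() then inspects the opened object. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return FWD_OPEN_FAILED;
    if (fstat(fd, &st) != 0)
        rc = FWD_OPEN_FAILED;
    else if (!S_ISREG(st.st_mode))
        rc = FWD_NOT_REGULAR;
    else if (st.st_uid != owner)
        rc = FWD_WRONG_OWNER;          /* someone else owns it and can rewrite it */
    else if (st.st_mode & (S_IWGRP | S_IWOTH))
        rc = FWD_WRITABLE_BY_OTHERS;   /* e.g. mode 0664 created under umask 002 */
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s FILE\n", argv[0]);
        return EXIT_FAILURE;
    }
    enum fwd_status rc = check_forward_file(argv[1], getuid());
    printf("%s: %s\n", argv[1], rc == FWD_OK ? "accepted" : "rejected");
    return rc == FWD_OK ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

The function looks only at the file itself; a home directory that the group can write would still allow the file to be replaced, so the same mode and owner test applies to the containing directory.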