From owner-freebsd-security  Sun Jun  9 16:20:48 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id QAA08184
          for security-outgoing; Sun, 9 Jun 1996 16:20:48 -0700 (PDT)
Received: from sea.campus.luth.se (sea.campus.luth.se [130.240.193.40])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id QAA08175
          for <security@FreeBSD.org>; Sun, 9 Jun 1996 16:20:45 -0700 (PDT)
Received: (from karpen@localhost) by sea.campus.luth.se (8.6.12/8.6.12) id BAA08721 for security@FreeBSD.org; Mon, 10 Jun 1996 01:20:29 +0200
Message-Id: <199606092320.BAA08721@sea.campus.luth.se>
Subject: Re: FreeBSD's /var/mail permissions
To: security@FreeBSD.org
Date: Mon, 10 Jun 1996 01:20:29 +0200 (MET DST)
From: "Mikael Karpberg" <karpen@sea.campus.luth.se>
In-Reply-To: <199606081504.IAA05536@precipice.shockwave.com> from "Paul Traina" at Jun 8, 96 08:04:43 am
X-Mailer: ELM [version 2.4 PL25 ME8b]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

> But bad guy can't, because /var/mail is 755
> 
>   > > I'm confused, why do you say adduser must create new user mailbox?
>   > > Mail.local is already suid root and adduser should deliver a preformatted
>   > > mail message with mail.local.
>   > 
>   > Why should adduser send any mail to anybody? Rather silly if you ask me.
>   
>   Because bad guy can pre-create upcoming user mailbox with 666 permissions.

No, he can not, correct. Unless you fool some program to. However, I think
it seems like a good idea for adduser to touch, chown and chmod the users
mailbox when the user is created, ANYWAY. Then you're on the safe side, so
you are sure it's correct. If someone feel like changing adduser to do so,
it would be great. And while whomever is doing that, please fix so that the
users homedirectory is chowned to the user even if you select to not copy
the defaults files.

The mail to the user is not silly. It can be a welcome message to the user,
with instructions and information, for example. And it's up to the admin to
choose if he wants to send the mail or not anyway.

  /Mikael