From owner-freebsd-stable  Wed Mar 31 10:51:19 1999
Delivered-To: freebsd-stable@freebsd.org
Received: from muffin.highwire.local (pool-1-p17.innotts.co.uk [212.56.33.17])
	by hub.freebsd.org (Postfix) with ESMTP id 10CC31559B
	for <freebsd-stable@FreeBSD.ORG>; Wed, 31 Mar 1999 10:51:04 -0800 (PST)
	(envelope-from robmel@innotts.co.uk)
Received: from [172.16.17.20] (robsmac.highwire.local [172.16.17.20])
	by muffin.highwire.local (8.9.2/8.9.2) with ESMTP id TAA10961;
	Wed, 31 Mar 1999 19:47:35 +0100 (BST)
	(envelope-from robmel@innotts.co.uk)
X-Sender: robmel@muffin.highwire.local
Message-Id: <l03130300b3281d08ade5@[172.16.17.20]>
In-Reply-To: <E10SGEX-0005Kj-00@voodoo.pandhm.co.uk>
References: Rahul Dhesi's message of "Tue, 30 Mar 1999 18:58:49 -0800"
 <199903310258.AA09076@waltz.rahul.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Wed, 31 Mar 1999 19:47:04 +0100
To: Dom Mitchell <Dom.Mitchell@palmerharvey.co.uk>,
	Rahul Dhesi <dhesi@rahul.net>
From: Robin Melville <robmel@innotts.co.uk>
Subject: Re: 'make installworld' makes /var/mail world-not-writable
Cc: freebsd-stable@FreeBSD.ORG
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

At 9:20 am +0100 31/3/99, Dom Mitchell wrote:
>On 30 March 1999, Rahul Dhesi proclaimed:
>> "Chad R. Larson" <chad@freebie.dcfinc.com> writes: [...]
>> But what if it's just an NFS client and some other server exports
>> /var/mail to it, and there are a bunch of other clients that all use
>> .lock files on that filesystem?
>>
>> Unlike / and /usr and /etc, which can be considered private to each
>> machine, /var/mail is much more likely to be a global filesystem with a
>> site-wide, not machine-specific, file locking policy and permissions.
>
>Nope.  Anybody using an NFS mounted /var/mail gets what they deserve.
>Use POP3, IMAP and SMTP and stop worrying about things.

Yes, it's seriously bad news to allow NFS access to anything that should
opened by setgid or setuid daemons. Even if rpc.lockd did work in FreeBSD
its a security nightmare. Forward mail to the local MTA, allow remote MUA's
to use the remote protocols. The only way...

Regards

Robin.


----------------------------------------------------------------------
Robin Melville, Addiction Information Services
Nottingham Alcohol & Drug Team
Tel:  +44 (0)115 952 9478       Fax:  +44 (0)115 952 9421
work: robmel@nadt.org.uk        home: robmel@innotts.co.uk
Pages: http://www.innotts.co.uk/~robmel    (home page)
       http://www.innotts.co.uk/nadt       (substance misuse pages)
----------------------------------------------------------------------




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message