From: Terry Lambert
Message-Id: <199610311831.LAA25666@phaeton.artisoft.com>
Subject: Re: /var/mail (was: re: Help, permission problems...)
To: michaelh@cet.co.jp (Michael Hancock)
Date: Thu, 31 Oct 1996 11:31:38 -0700 (MST)
Cc: terry@lambert.org, dubois@primate.wisc.edu, current@FreeBSD.org
In-Reply-To: from "Michael Hancock" at Oct 31, 96 08:55:58 pm

> > > Also, perhaps I missed it in this discussion, but just what *is*
> > > the security problem WRT having /var/mail set to 1777?
> >
> > % id
> > uid=501(terry) gid=20(staff) groups=20(staff), 0(wheel), 552(ncvs)
> > % touch /var/mail/dubois
> > % chmod 644 !$
> > % ls -l !$
> > -rw-r--r-- 1 terry wheel 0 Oct 30 17:02 /var/mail/dubois
> > % mail -s "pay me a dollar to unlock your mail" dubois < /dev/null
> > Null message body; hope that's ok
> > %
>
> The work around is to use mailer readers that truncate instead of remove
> the file when all messages have been deleted or moved.

1) What if dubois never got any mail before that?

2) If we are specifying mail reader behaviour, we can force the
   fcntl() locking to work as well... which has the advantage of
   being a more general solution anyway.

					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
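
Added example, not part of the original message or of FreeBSD: a spool audit that reports the condition shown in the quoted session, a mailbox file in a world-writable spool directory whose owner is not the user it is named after. The names `audit_spool` and `owner_name` are hypothetical, and the check assumes each mailbox file is named after its owner's login name.

```python
import os
import pwd
import stat
import sys


def _pw_name(uid):
    """Default uid -> login name lookup; None if the uid has no passwd entry."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return None


def audit_spool(spool="/var/mail", owner_name=_pw_name):
    """Return a list of (path, finding) tuples for a mail spool directory."""
    findings = []
    dir_mode = stat.S_IMODE(os.lstat(spool).st_mode)
    if dir_mode & stat.S_IWOTH:
        findings.append((spool, "world-writable (%04o): any user can "
                                "pre-create another user's mailbox" % dir_mode))
    for name in sorted(os.listdir(spool)):
        if name.endswith(".lock"):
            continue  # dot-lock files are transient and not mailboxes
        path = os.path.join(spool, name)
        st = os.lstat(path)  # lstat: never follow a link placed in the spool
        if not stat.S_ISREG(st.st_mode):
            findings.append((path, "not a regular file"))
            continue
        owner = owner_name(st.st_uid)
        if owner != name:
            # The case from the session: /var/mail/dubois owned by terry.
            findings.append((path, "owned by %s, expected %s" % (owner, name)))
        if stat.S_IMODE(st.st_mode) & stat.S_IRWXO:
            findings.append((path, "accessible to other users (%04o)"
                             % stat.S_IMODE(st.st_mode)))
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/mail"
    if os.path.isdir(target):
        for path, finding in audit_spool(target):
            print("%s: %s" % (path, finding))
```
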