From owner-freebsd-current Wed Apr 10 14:41:52 1996
Return-Path: owner-current
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id OAA11816 for current-outgoing; Wed, 10 Apr 1996 14:41:52 -0700 (PDT)
Received: from ibp.ibp.fr (ibp.ibp.fr [132.227.60.30]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id OAA11800 for ; Wed, 10 Apr 1996 14:41:46 -0700 (PDT)
Received: from blaise.ibp.fr (blaise.ibp.fr [132.227.60.1]) by ibp.ibp.fr (8.6.12/jtpda-5.0) with ESMTP id XAA05718 ; Wed, 10 Apr 1996 23:41:40 +0200
Received: from (uucp@localhost) by blaise.ibp.fr (8.6.12/jtpda-5.0) with UUCP id XAA07201 ; Wed, 10 Apr 1996 23:41:59 +0200
Received: (from roberto@localhost) by keltia.freenix.fr (8.7.5/keltia-uucp-2.7) id VAA04237; Wed, 10 Apr 1996 21:50:44 +0200 (MET DST)
From: Ollivier Robert
Message-Id: <199604101950.VAA04237@keltia.freenix.fr>
Subject: Re: /var/mail default permissions??
To: peter@jhome.DIALix.COM (Peter Wemm)
Date: Wed, 10 Apr 1996 21:50:44 +0200 (MET DST)
Cc: current@FreeBSD.ORG
In-Reply-To: <199604100556.NAA03118@jhome.DIALix.COM> from Peter Wemm at "Apr 10, 96 01:56:20 pm"
X-Operating-System: FreeBSD 2.2-CURRENT ctm#1872
X-Mailer: ELM [version 2.4ME+ PL11 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-current@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

It seems that Peter Wemm said:
> I thought /var/mail was supposed to be mode 1777 on BSD systems??

It should be 755 bin.bin (or better root.wheel or equivalent for more
security) since FreeBSD 1.something.

> mail.local was designed to work in that scenario and has specific code to
> make sure it's secure.. (granted, the net-2 mail.local may not have been
> solid, but the 4.4BSD mail.local has been secure since the encumbered
> release and later in the Lite releases)

The fact that mail.local is setuid-root should enable you to have only 755
permissions. procmail has the same rights so it is not a problem.
Elm has been working with the same setup with fcntl locking for a long time too.

drwxr-xr-x  2 bin   bin      512 Feb 10 19:33 mail/
-rwxr-xr-x  1 root  bin   406996 Mar  2 21:01 /usr/local/bin/elm
-rwsr-sr-x  1 root  mail   65536 Jun  8  1995 /usr/local/bin/procmail
-r-sr-xr-x  1 root  bin    12288 Feb 11 16:18 /usr/libexec/mail.local

The setgid mail for procmail is unnecessary, although it is installed this
way here.

-- 
Ollivier ROBERT    -=- The daemon is FREE! -=-    roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 2.2-CURRENT #11: Tue Apr  9 20:14:48 MET DST 1996
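
How the spool directory mode and the set-id bits in the listing above interact, as an added example that is not part of the original message or of FreeBSD: it works out which permission bit actually gives each program write access to the spool. The function names and the numeric ids (root=0, bin=7, mail=6) are assumptions.

```python
import os
import stat

def delivery_access(spool, agent):
    """How an agent run by an ordinary user gets write access to the spool
    directory, or None. Both arguments are (st_mode, st_uid, st_gid)."""
    s_mode, s_uid, s_gid = spool
    a_mode, a_uid, a_gid = agent
    if s_mode & stat.S_IWOTH:
        return "world-writable spool"
    if a_mode & stat.S_ISUID:
        if a_uid == 0:
            return "setuid root"
        if a_uid == s_uid and s_mode & stat.S_IWUSR:
            return "setuid spool owner"
    # setgid only helps when the spool is writable by that same group
    if a_mode & stat.S_ISGID and a_gid == s_gid and s_mode & stat.S_IWGRP:
        return "setgid spool group"
    return None

def spool_warnings(s_mode):
    """Flag spool modes that let local users interfere with mailboxes."""
    if not s_mode & stat.S_IWOTH:
        return []
    if s_mode & stat.S_ISVTX:
        return ["1777 style: any user can pre-create a mailbox file, "
                "so the delivery agent must check what it opens"]
    return ["world-writable without sticky bit: any user can remove "
            "or replace mailboxes"]

def stat_triple(path):
    """(mode, uid, gid) of a live path, without following symlinks."""
    st = os.lstat(path)
    return (st.st_mode, st.st_uid, st.st_gid)

# Constructed from the listing in the message. Numeric ids are assumed
# (root=0, bin=7, mail=6); the page gives names only.
SPOOL_755 = (stat.S_IFDIR | 0o755, 7, 7)     # drwxr-xr-x bin bin   mail/
SPOOL_1777 = (stat.S_IFDIR | 0o1777, 0, 0)   # the mode asked about
MAIL_LOCAL = (stat.S_IFREG | 0o4555, 0, 7)   # -r-sr-xr-x root bin
PROCMAIL = (stat.S_IFREG | 0o6755, 0, 6)     # -rwsr-sr-x root mail
ELM = (stat.S_IFREG | 0o755, 0, 7)           # -rwxr-xr-x root bin

if __name__ == "__main__":
    for name, agent in [("mail.local", MAIL_LOCAL), ("procmail", PROCMAIL), ("elm", ELM)]:
        print(name, "->", delivery_access(SPOOL_755, agent))
    print(spool_warnings(SPOOL_1777[0]))
```

To audit a live system, pass `stat_triple("/var/mail")` and `stat_triple()` of each delivery agent in place of the constructed tuples.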