From owner-freebsd-security Wed Aug 9 9: 4:58 2000
Delivered-To: freebsd-security@freebsd.org
Received: from nenya.ms.mff.cuni.cz (nenya.ms.mff.cuni.cz [195.113.17.179])
	by hub.freebsd.org (Postfix) with ESMTP id 3082837BB24
	for ; Wed, 9 Aug 2000 09:04:49 -0700 (PDT)
	(envelope-from mencl@nenya.ms.mff.cuni.cz)
Received: from localhost (mencl@localhost)
	by nenya.ms.mff.cuni.cz (8.9.3+Sun/8.9.1) with ESMTP id SAA23483;
	Wed, 9 Aug 2000 18:04:32 +0200 (MET DST)
Date: Wed, 9 Aug 2000 18:04:32 +0200 (MET DST)
From: "Vladimir Mencl, MK, susSED"
To: Brad Guillory
Cc: FreeBSD-SECURITY
Subject: Re: pine 4.21 port issues?
In-Reply-To: <20000809090625.A35124@baileylink.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 9 Aug 2000, Brad Guillory wrote:

> I thought that a significant reason for dot locks is flock does not reliably
> work over NFS.
>
> (Please correct me. I would like to be wrong on this one.)
>
> I don't think that this is relevant to FreeBSD-Security though.

Thanks for the answers, especially to Garrett.

I do think this is related to security - this thread came from the
question whether we need world-writable directories on mailservers.
And unfortunately, I feel that the answer is yes - if we want to avoid
mailbox corruption.

From reading the man page for mail.local, I see that there are several
mailbox locking conventions - and I do not think that every single MUA
or a LMDA-helper (e.g., procmail) consults the local mail-delivery
policy at compile time. And it seems to me that the only way to check
this reliably is to human-read the mail.local page.

FreeBSD mail.local tries to comply with as many of these conventions as
it can (a flock is done, and a .lock is tried), however, it seems to me
that to avoid collisions with programs relying only on .lock, the only
safe way is to allow .lock files in the /var/mail directory.

Vlada

> On Wed, Aug 09, 2000 at 09:52:40AM -0400, Garrett Wollman wrote:
> >
> > It's defined by the local mail delivery agent (in FreeBSD,
> > mail.local). If you read the manual page, this is quite clear. (Our
> > mail.local also creates .lock files, but these cannot be relied upon.
> > These files were originally created because early Unix didn't have
> > file locking, and have persisted thanks to Sun brain-damage.) Using
> > file locking permits MUAs to operate without any elevated privilege,
> > without requiring a world-writable spool directory
> > (although the MDA must still run as root in order to write to user
> > mailboxes and potentially chown new mailboxes to their respective
> > users).


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
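
The two locking conventions discussed in this message, as an added example that is not part of the original post and not mail.local's own code: it tries an flock() and a .lock file against a spool directory that is either world-writable or not. The spool path, the mailbox name "alice" and the function names are constructed for the illustration.

```python
import errno, fcntl, os, tempfile

def dotlock(mailbox):
    """.lock convention: atomically create <mailbox>.lock in the spool directory."""
    try:
        fd = os.open(mailbox + ".lock", os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except OSError as e:
        # EEXIST: someone holds the dot lock; EACCES: directory not writable by us
        return errno.errorcode[e.errno]
    os.close(fd)
    return "OK"

def flock_mailbox(mailbox):
    """flock convention: kernel lock on the mailbox file; no directory write needed."""
    fd = os.open(mailbox, os.O_RDWR)
    try:
        fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
    except OSError as e:
        os.close(fd)
        return None, errno.errorcode[e.errno]
    return fd, "OK"

def demo(spool_mode):
    """Try both conventions on a constructed spool directory with the given mode."""
    with tempfile.TemporaryDirectory() as top:
        spool = os.path.join(top, "mail")          # constructed stand-in for /var/mail
        os.mkdir(spool)
        mbox = os.path.join(spool, "alice")        # constructed mailbox name
        open(mbox, "w").close()
        os.chmod(spool, spool_mode)
        try:
            fd, flock_result = flock_mailbox(mbox)
            # The flock is still held here, yet it does not stop a .lock-only
            # program: the two conventions do not see each other.
            first_dotlock = dotlock(mbox)
            second_dotlock = dotlock(mbox)         # a second .lock-only program
            if fd is not None:
                os.close(fd)                       # closing the descriptor drops the flock
        finally:
            os.chmod(spool, 0o700)                 # let the temp dir be cleaned up
        return flock_result, first_dotlock, second_dotlock

if __name__ == "__main__":
    print("world-writable spool (1777):", demo(0o1777))
    print("non-writable spool (0555):  ", demo(0o555))
```

Run as an unprivileged user, the 0555 case reports EACCES for the .lock attempts while the flock still succeeds; root bypasses directory permissions, so it sees the same result as the 1777 case.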