Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 30 Apr 1999 10:05:33 -0700
From:      Cy Schubert <cschuber@uumail.gov.bc.ca>
To:        "Pedro J. Lobo" <pjlobo@euitt.upm.es>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Does mail.local need to be setuid-root? 
Message-ID:  <199904301706.KAA00762@passer.osg.gov.bc.ca>
In-Reply-To: Your message of "Fri, 30 Apr 1999 15:47:18 %2B0200." <Pine.OSF.4.05.9904301535330.15810-100000@haddock.euitt.upm.es>
index | next in thread | previous in thread | raw e-mail 

In message <Pine.OSF.4.05.9904301535330.15810-100000@haddock.euitt.u
pm.es>, "Pe
dro J. Lobo" writes:
> Hello, people.
> 
> I have a 3.1-RELEASE machine which, among other tasks, acts as a mail and
> telnet server for out students. Recently I noticed that several users were
> using more disk space than his quotas should allow (!). After a bit of
> investigation, I have traced down the problem to the mail system.
> 
> The problem is that you cand send mail to a user that is over quota, and
> the system will append the new message to its inbox (located in /var/mail,
> as by default). Indeed, root can append data to a file that belongs to a
> user that is over quota.
> 
> As you may see, it is a rather ugly "feature". So, the question is: does
> /usr/libexec/mail.local need to be setuid root? Or, alternatively, can I
> use /usr/bin/mail as the local mailer? I also administer an alpha with
> Tru64 Unix 4.0d and it uses /bin/mail (no setuid/setgid) as the local
> mailer.

The main difference between DU and FreeBSD is:

DU 4.0D:
OSF1 hostname V4.0 878 alpha
drwxrwxrwt   2 root     mail         512 Apr 26 00:00 
/var/spool/mail
lrwxrwxrwx   1 root     system         7 Dec  9 14:16 /bin -> 
usr/bin
-rws--x--x   2 root     bin        40960 Dec 29  1997 /usr/bin/mail

FreeBSD 3.1R:
FreeBSD hostname 3.1-RELEASE FreeBSD 3.1-RELEASE #0: Thu Apr  8 
16:05:54 PDT 1999     root@hostname:/opt/usr_src-310/sys/compile/HOS
TNAME  i386
drwxrwxr-x  2 root  mail  512 Apr 30 09:41 /var/mail
-r-sr-xr-x  1 root  wheel  15056 Mar  2 06:53 /usr/libexec/mail.loca
l

Solaris 2.6 (for good measure):
SunOS HOSTNAME 5.6 Generic_105181-12 sun4u sparc SUNW,Ultra-Enterpri
se
drwxrwxrwt   3 root     mail         512 Apr 29 23:45 /var/mail
-r-x--s--x   1 bin      mail       64376 Jul 15  1997 /bin/mail

You can resolve your issue by making mail.local sgid mail instead 
of suid root. Ownership of individual mail files cannot be set by 
mail.local when its sgid mail, so you will need to create each 
individual user's mail spool file with the proper permissions 660 
and ownership before they can receive mail.  If mail.local is the 
only sgid mail application on your system, using sgid mail 
shouldn't be any less secure (from a privacy point of view) than 
the stock-out-of-the-box setup.


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Open Systems Group          Internet:  Cy.Schubert@uumail.gov.bc.ca
ITSD                                   Cy.Schubert@gems8.gov.bc.ca
Province of BC            
                      "e**(i*pi)+1=0"





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199904301706.KAA00762>