From owner-freebsd-security Fri Apr 30 10: 6:29 1999 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 743FC14FF7 for ; Fri, 30 Apr 1999 10:06:23 -0700 (PDT) (envelope-from Cy.Schubert@uumail.gov.bc.ca) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id KAA07652; Fri, 30 Apr 1999 10:06:27 -0700 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda07650; Fri Apr 30 10:06:16 1999 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.9.3/8.9.1) id KAA00762; Fri, 30 Apr 1999 10:06:10 -0700 (PDT) Message-Id: <199904301706.KAA00762@passer.osg.gov.bc.ca> Received: from localhost.osg.gov.bc.ca(127.0.0.1), claiming to be "passer.osg.gov.bc.ca" via SMTP by localhost.osg.gov.bc.ca, id smtpdXLJ755; Fri Apr 30 10:05:33 1999 X-Mailer: exmh version 2.0.2 2/24/98 Reply-To: Cy Schubert - ITSD Open Systems Group X-OS: FreeBSD 3.1-RELEASE X-Sender: cschuber To: "Pedro J. Lobo" Cc: freebsd-security@FreeBSD.ORG Subject: Re: Does mail.local need to be setuid-root? In-reply-to: Your message of "Fri, 30 Apr 1999 15:47:18 +0200." Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Date: Fri, 30 Apr 1999 10:05:33 -0700 From: Cy Schubert Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message , "Pe dro J. Lobo" writes: > Hello, people. > = > I have a 3.1-RELEASE machine which, among other tasks, acts as a mail a= nd > telnet server for out students. Recently I noticed that several users w= ere > using more disk space than his quotas should allow (!). After a bit of > investigation, I have traced down the problem to the mail system. > = > The problem is that you cand send mail to a user that is over quota, an= d > the system will append the new message to its inbox (located in /var/ma= il, > as by default). Indeed, root can append data to a file that belongs to = a > user that is over quota. > = > As you may see, it is a rather ugly "feature". So, the question is: doe= s > /usr/libexec/mail.local need to be setuid root? Or, alternatively, can = I > use /usr/bin/mail as the local mailer? I also administer an alpha with > Tru64 Unix 4.0d and it uses /bin/mail (no setuid/setgid) as the local > mailer. The main difference between DU and FreeBSD is: DU 4.0D: OSF1 hostname V4.0 878 alpha drwxrwxrwt 2 root mail 512 Apr 26 00:00 = /var/spool/mail lrwxrwxrwx 1 root system 7 Dec 9 14:16 /bin -> = usr/bin -rws--x--x 2 root bin 40960 Dec 29 1997 /usr/bin/mail FreeBSD 3.1R: FreeBSD hostname 3.1-RELEASE FreeBSD 3.1-RELEASE #0: Thu Apr 8 = 16:05:54 PDT 1999 root@hostname:/opt/usr_src-310/sys/compile/HOS TNAME i386 drwxrwxr-x 2 root mail 512 Apr 30 09:41 /var/mail -r-sr-xr-x 1 root wheel 15056 Mar 2 06:53 /usr/libexec/mail.loca l Solaris 2.6 (for good measure): SunOS HOSTNAME 5.6 Generic_105181-12 sun4u sparc SUNW,Ultra-Enterpri se drwxrwxrwt 3 root mail 512 Apr 29 23:45 /var/mail -r-x--s--x 1 bin mail 64376 Jul 15 1997 /bin/mail You can resolve your issue by making mail.local sgid mail instead = of suid root. Ownership of individual mail files cannot be set by = mail.local when its sgid mail, so you will need to create each = individual user's mail spool file with the proper permissions 660 = and ownership before they can receive mail. If mail.local is the = only sgid mail application on your system, using sgid mail = shouldn't be any less secure (from a privacy point of view) than = the stock-out-of-the-box setup. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Open Systems Group Internet: Cy.Schubert@uumail.gov.bc.ca ITSD Cy.Schubert@gems8.gov.bc.ca Province of BC = "e**(i*pi)+1=3D0" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message