Date:      Thu, 31 Oct 1996 03:52:57 -0800 (PST)
From:      Mark Crispin <MRC@Panda.COM>
To:        "Marc G. Fournier" <scrappy@ki.net>
Cc:        chat@FreeBSD.org
Subject:   Re: /var/mail (was: re: Help, permission problems...)
Message-ID:  <MailManager.846762777.5917.mrc@Ikkoku-Kan.Panda.COM>
In-Reply-To: <Pine.NEB.3.95.961031045434.23033B-100000@quagmire.ki.net>

On Thu, 31 Oct 1996 04:59:27 -0500 (EST), Marc G. Fournier wrote:
> On Wed, 30 Oct 1996, Mark Crispin wrote:
> > > > 2) The sticky bit on the mail spool must be set; 1777, not 777.
> > > 	This is the cause of the DoS used as an example...
> > It does, however, prevent bad guys from deleting other folks' mail.
> 	So does 755...

True but irrelevant.

> > > 	so, you are suggesting that touch/<insert favorite editor here> be
> > > modified so as to not permit creating a file in /var/mail?
> > No, that means making programs which access the spool run setuid/setgid.
> > Some UNIX variants do this.
> 	a setuid touch command?  Sorry, you've still kinda lost me on this,
> unless you are suggesting that the 'lock' against accessing spool is
> kernel based?

Sigh.  Where does this nonsense about "touch" or editors or kernel mods come
from?

Let me try again, nice and simple.

	/var/mail protected 775 and in group mail.
	All mail readers protected 2755 and in group mail.
This is what some systems do when they don't want to grant world write.  More
systems do this than use system call locking.  Many more.

I don't recommend that configuration either.

> > NFS mounting the mail spool has to be made to work (as best as NFS
> > will permit).
> 	Except, by "supporting" it in a piece of software that was designed
> so that NFS mounts aren't required in no way discourages the use of NFS
> mounted spool directories...

This statement is a non sequitur.

For your information, there are sites which use imapd to access NFS-mounted
spools.
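
The spool layouts named in this thread (777, 1777, 755, and 775 in group mail with mail readers protected 2755) can be told apart from the mode bits alone. The following check is an added example, not part of the original e-mail; the function names and the default paths are assumptions made for illustration.

```python
import os
import stat

def classify_spool(mode):
    """Map a spool directory's mode bits onto the layouts named in the thread."""
    perms = stat.S_IMODE(mode)
    if perms & stat.S_IWOTH:
        # World-writable: only the sticky bit stops users removing
        # files they do not own (1777 versus 777).
        return "1777-style" if perms & stat.S_ISVTX else "777-style"
    if perms & stat.S_IWGRP:
        return "775-style"   # writers must run with the spool's group
    return "755-style"       # only the owner can create or remove files

def reader_is_setgid(mode):
    """True when a mail reader's mode has setgid plus group execute (e.g. 2755)."""
    perms = stat.S_IMODE(mode)
    return bool(perms & stat.S_ISGID) and bool(perms & stat.S_IXGRP)

def audit(spool_path, reader_paths=()):
    """Return a list of findings for a spool directory and its mail readers."""
    st = os.stat(spool_path)
    layout = classify_spool(st.st_mode)
    findings = [f"{spool_path}: {layout} ({stat.S_IMODE(st.st_mode):04o})"]
    if layout == "777-style":
        findings.append("sticky bit missing: any user can delete other users' mailboxes")
    elif layout == "775-style":
        # In this layout every mail reader has to be setgid to the spool's group.
        for path in reader_paths:
            rst = os.stat(path)
            if not reader_is_setgid(rst.st_mode) or rst.st_gid != st.st_gid:
                findings.append(f"{path}: not setgid to the spool's group")
    return findings

if __name__ == "__main__":
    # Assumed default paths; adjust for the system being checked.
    spool = "/var/mail"
    readers = [p for p in ["/usr/bin/mail"] if os.path.exists(p)]
    if os.path.isdir(spool):
        for line in audit(spool, readers):
            print(line)
```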



