Date: Fri, 7 Jun 1996 09:42:08 -0600 (MDT)
From: Barnacle Wes <softweyr@xmission.com>
To: pst@shockwave.com (Paul Traina)
Cc: security@freebsd.org
Subject: Re: FreeBSD's /var/mail permissions
Message-ID: <199606071542.JAA14520@xmission.xmission.com>
In-Reply-To: <199606071239.FAA19708@precipice.shockwave.com> from "Paul Traina" at Jun 7, 96 05:39:22 am
> Proposed solution:
> I'm considering creating group "mail" and going the setgid route,
> so that a program which creates files in /var/mail can be simply
> setgid mail.
>
> This is a well understood mail directory protection mechanism
> and employs the "principle of least privilege."

From a security standpoint, this is a win. If it were only *one*
less suid program, it probably wouldn't be worth bothering with, but
with the number of MUAs on the average system these days (elm, pine,
emacs, mh, xmh, netscape, various X mailers, etc) this is worth doing.
Each of these can be changed from suid to sgid as someone is doing a
port update.
--
Wes Peters | Yes I am a pirate, two hundred years too late
Softweyr | The cannons don't thunder, there's nothing to plunder
Consulting | I'm an over forty victim of fate...
softweyr@xmission.com | Jimmy Buffett
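
An added example, not part of the original message: a small POSIX shell audit that a port maintainer could run over installed mailer binaries to see which are still setuid and which already use the setgid mail scheme proposed in the thread. The function names, the MAIL_GROUP variable and any paths passed in are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: track a suid -> sgid "mail" migration for mailer binaries.
# MAIL_GROUP defaults to the group name proposed in the thread; the function
# names and the paths given on the command line are hypothetical.
MAIL_GROUP=${MAIL_GROUP:-mail}

# classify_mailer FILE
# Prints "<status> <path>" where status is one of:
#   missing            file does not exist
#   setuid             set-user-ID bit present: still needs converting
#   setgid-mail        set-group-ID and group is $MAIL_GROUP: converted
#   setgid-other:GRP   set-group-ID to some other group: review by hand
#   unprivileged       neither bit set
classify_mailer() {
    f=$1
    if [ ! -e "$f" ]; then
        echo "missing $f"
        return 0
    fi
    # Field 4 of "ls -ld" is the owning group (name, or gid if unnamed).
    grp=$(ls -ld "$f" | awk '{print $4}')
    if [ -u "$f" ]; then
        # Checked first: a binary with both bits set is still setuid.
        echo "setuid $f"
    elif [ -g "$f" ] && [ "$grp" = "$MAIL_GROUP" ]; then
        echo "setgid-mail $f"
    elif [ -g "$f" ]; then
        echo "setgid-other:$grp $f"
    else
        echo "unprivileged $f"
    fi
}

# audit_mailers FILE...
# Classifies every path given, one result line per path.
audit_mailers() {
    for f in "$@"; do
        classify_mailer "$f"
    done
}

# Stand-alone use: sh audit.sh /path/to/mailer ...
if [ "$#" -gt 0 ]; then
    audit_mailers "$@"
fi
```

Lines reported as `setuid` are the binaries still to be converted; `setgid-other` entries need a manual look, because their group will not match a mail spool directory writable by the mail group.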
