From owner-freebsd-security Fri Jun 7 08:42:53 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id IAA24505 for security-outgoing; Fri, 7 Jun 1996 08:42:53 -0700 (PDT)
Received: from xmission.xmission.com (softweyr@xmission.xmission.com [198.60.22.2]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id IAA24493 for ; Fri, 7 Jun 1996 08:42:47 -0700 (PDT)
Received: (from softweyr@localhost) by xmission.xmission.com (8.7.5/8.7.5) id JAA14520; Fri, 7 Jun 1996 09:42:09 -0600 (MDT)
From: Barnacle Wes
Message-Id: <199606071542.JAA14520@xmission.xmission.com>
Subject: Re: FreeBSD's /var/mail permissions
To: pst@shockwave.com (Paul Traina)
Date: Fri, 7 Jun 1996 09:42:08 -0600 (MDT)
Cc: security@freebsd.org
In-Reply-To: <199606071239.FAA19708@precipice.shockwave.com> from "Paul Traina" at Jun 7, 96 05:39:22 am
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> Proposed solution:
> I'm considering creating group "mail" and going the setgid route,
> so that a program which creates files in /var/mail can be simply
> setgid mail.
>
> This is a well understood mail directory protection mechanism
> and employs the "principle of least privilege."

From a security standpoint, this is a win. If it were only *one* less
suid program, it probably wouldn't be worth bothering with, but with
the number of MUAs on the average system these days (elm, pine, emacs,
mh, xmh, netscape, various X mailers, etc) this is worth doing. Each
of these can be changed from suid to sgid as someone is doing a port
update.

--
Wes Peters            | Yes I am a pirate, two hundred years too late
Softweyr              | The cannons don't thunder, there's nothing to plunder
Consulting            | I'm an over forty victim of fate...
softweyr@xmission.com | Jimmy Buffett
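
The setgid-mail arrangement discussed in this message, shown as an added example that is not part of the original post or of any FreeBSD or MUA source. The function name open_mailbox, the spool layout (root:mail, mode 775) and the helper's mode (2755, group mail) are assumptions made for illustration.

```c
/* Added example, not from the thread: a setgid-"mail" helper that uses the
 * group privilege only to create the mailbox file, then gives it up.
 * Assumed setup: spool is root:mail mode 775, this binary is 2755 group mail.
 * open_mailbox() is a hypothetical name; it returns an append-only fd for
 * <spool>/<user>, or -1 with errno set. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

int open_mailbox(const char *spool, const char *user)
{
    char path[1024];
    struct stat st;
    int fd, saved;

    /* The name becomes a path component: refuse anything that could leave the spool. */
    if (user[0] == '\0' || user[0] == '.' || strchr(user, '/') != NULL) {
        errno = EINVAL;
        return -1;
    }
    if (snprintf(path, sizeof path, "%s/%s", spool, user) >= (int)sizeof path) {
        errno = ENAMETOOLONG;
        return -1;
    }
    /* Only this call needs group mail (write access to the spool directory).
     * O_NOFOLLOW refuses a symlink planted under the mailbox name. */
    fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    saved = errno;
    /* Drop the privilege for good: setting the real gid also resets the saved gid. */
    if (setregid(getgid(), getgid()) != 0 || getegid() != getgid()) {
        if (fd >= 0)
            close(fd);
        errno = EPERM;
        return -1;
    }
    if (fd < 0) {
        errno = saved;
        return -1;
    }
    /* Accept only a plain, singly linked file owned by the invoking user. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
        st.st_uid != getuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}
```

Because the helper is setgid rather than setuid, the mailbox it creates is owned by the invoking user, and a flaw in the helper exposes write access to the spool directory rather than root.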