From owner-freebsd-security Fri Jun 7 09:35:58 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id JAA29664 for security-outgoing; Fri, 7 Jun 1996 09:35:58 -0700 (PDT)
Received: from sovcom.kiae.su (sovcom.kiae.su [144.206.136.1]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id JAA29656 for ; Fri, 7 Jun 1996 09:35:46 -0700 (PDT)
Received: by sovcom.kiae.su id AA23603 (5.65.kiae-1 for security@freebsd.org); Fri, 7 Jun 1996 19:24:54 +0300
Received: by sovcom.KIAE.su (UUMAIL/2.0); Fri, 7 Jun 96 19:24:54 +0300
Received: (from ache@localhost) by astral.msk.su (8.7.5/8.7.3) id UAA00541 for security@freebsd.org; Fri, 7 Jun 1996 20:19:03 +0400 (MSD)
Message-Id: <199606071619.UAA00541@astral.msk.su>
Subject: Re: FreeBSD's /var/mail permissions
To: security@freebsd.org
Date: Fri, 7 Jun 1996 20:19:02 +0400 (MSD)
In-Reply-To: <199606071251.FAA25052@precipice.shockwave.com> from "Paul Traina" at "Jun 7, 96 05:51:50 am"
From: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (aka Andrey A. Chernov, Black Mage)
X-Class: Fast
X-Mailer: ELM [version 2.4ME+ PL19 (25)]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> If popper were the only problem, I'd consider choosing a
> different directory for this temporary file to be created, such
> as /var/tmp. This leads to a new set of problems and I consider
> it less secure than maintaining the file in /var/mail as we have
> always done.

Popper is not the only problem; I remember that procmail and elm use
this feature too (but can work without it too). It is a common technique
to create a temporary mailbox in /var/mail and rename it to the actual
mailbox. This method avoids complex locking during the rewriting window.

> Proposed solution:
> I'm considering creating group "mail" and going the setgid route,
> so that a program which creates files in /var/mail can be simply
> setgid mail.
>
> This is a well understood mail directory protection mechanism
> and employs the "principle of least privilege."

The adduser program MUST create the new user's mailbox in this case to
avoid pre-created mailboxes. Now it only sends mail, which can be
appended to a pre-created mailbox. :-(

-- 
Andrey A. Chernov        : And I rest so composedly, /Now, in my bed,
ache@astral.msk.su       : That any beholder /Might fancy me dead -
http://dt.demos.su/~ache : Might start at beholding me, /Thinking me dead.
RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849