Date: Fri, 30 Apr 1999 11:37:12 -0300 (GMT) From: Fernando Schapachnik <fpscha@ns1.sminter.com.ar> To: robert+freebsd@cyrus.watson.org Cc: pjlobo@euitt.upm.es, freebsd-security@FreeBSD.ORG Subject: Re: Does mail.local need to be setuid-root? Message-ID: <199904301437.LAA09081@ns1.sminter.com.ar> In-Reply-To: <Pine.BSF.3.96.990430100145.16784G-100000@fledge.watson.org> from Robert Watson at "Apr 30, 99 10:09:36 am"
next in thread | previous in thread | raw e-mail | index | archive | help
En un mensaje anterior, Robert Watson escribió: > On Fri, 30 Apr 1999, Pedro J. Lobo wrote: > > > Hello, people. > > > > I have a 3.1-RELEASE machine which, among other tasks, acts as a mail and > > telnet server for out students. Recently I noticed that several users were > > using more disk space than his quotas should allow (!). After a bit of > > investigation, I have traced down the problem to the mail system. > > > > The problem is that you cand send mail to a user that is over quota, and > > the system will append the new message to its inbox (located in /var/mail, > > as by default). Indeed, root can append data to a file that belongs to a > > user that is over quota. > > > > As you may see, it is a rather ugly "feature". So, the question is: does > > /usr/libexec/mail.local need to be setuid root? Or, alternatively, can I > > use /usr/bin/mail as the local mailer? I also administer an alpha with > > Tru64 Unix 4.0d and it uses /bin/mail (no setuid/setgid) as the local > > mailer. You can use procmail with doesn't need suid. Regards. Fernando P. Schapachnik Administración de la red VIA Net Works Argentina SA To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199904301437.LAA09081>