Date: Fri, 30 Apr 1999 15:47:18 +0200 (MET DST) From: "Pedro J. Lobo" <pjlobo@euitt.upm.es> To: freebsd-security@freebsd.org Subject: Does mail.local need to be setuid-root? Message-ID: <Pine.OSF.4.05.9904301535330.15810-100000@haddock.euitt.upm.es>
next in thread | raw e-mail | index | archive | help
Hello, people. I have a 3.1-RELEASE machine which, among other tasks, acts as a mail and telnet server for out students. Recently I noticed that several users were using more disk space than his quotas should allow (!). After a bit of investigation, I have traced down the problem to the mail system. The problem is that you cand send mail to a user that is over quota, and the system will append the new message to its inbox (located in /var/mail, as by default). Indeed, root can append data to a file that belongs to a user that is over quota. As you may see, it is a rather ugly "feature". So, the question is: does /usr/libexec/mail.local need to be setuid root? Or, alternatively, can I use /usr/bin/mail as the local mailer? I also administer an alpha with Tru64 Unix 4.0d and it uses /bin/mail (no setuid/setgid) as the local mailer. TIA, Pedro. -- ------------------------------------------------------------------- Pedro José Lobo Perea Tel: +34 91 336 78 19 Centro de Cálculo Fax: +34 91 331 92 29 E.U.I.T. Telecomunicación e-mail: pjlobo@euitt.upm.es Universidad Politécnica de Madrid Ctra. de Valencia, Km. 7 E-28031 Madrid - España / Spain To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.OSF.4.05.9904301535330.15810-100000>