Date: Mon, 10 Jun 1996 01:13:30 +0200 (MET DST) From: "Mikael Karpberg" <karpen@sea.campus.luth.se> To: security@FreeBSD.org Subject: Re: FreeBSD's /var/mail permissions Message-ID: <199606092313.BAA08704@sea.campus.luth.se> In-Reply-To: <199606081506.IAA05615@precipice.shockwave.com> from "Paul Traina" at Jun 8, 96 08:06:48 am
next in thread | previous in thread | raw e-mail | index | archive | help
> Excellent point. :-( [...] > > Proposed solution: > > I'm considering creating group "mail" and going the setgid route, > > so that a program which creates files in /var/mail can be simply > > setgid mail. > > > > This is a well understood mail directory protection mechanism > > and employs the "principle of least privilege." > > I don't think so. Unlike SysV, you cannot chown a file to a user of > your will except when being root. So IMHO this does already mandate > the programs that create mail folders to be setuid root. Given this, > there's no sense in using the group `mail' in addition. Er... Excellent point? Why in the WORLD would you want to chown the files for? If a program wants to lock the mail file, by creating a lock file, or move the mailbox to another name and create a new mailbox, or use some form of temporary file, that file should owned by the same user that is running the program, and not the user at the terminal beside him, no? ;-) And the really neat thing is, if he just creates a file in mail with a "setgid mail" program, it will be created and... *drumroll* ...already be for the right user! No need to chown, is there? Provided /var/mail is 775 root:mail and the program is setgid mail. Only mail.local needs to be root still, because it is not invoked by the user who's mailbox it's going to edit. Seems the setgid and 775 root:mail /var/mail is the excellent idea, to me. /Mikael
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606092313.BAA08704>