Date: Wed, 30 Oct 1996 08:51:27 -0600 (CST) From: Joe Greco <jgreco@brasil.moneng.mei.com> To: MRC@CAC.Washington.EDU (Mark Crispin) Cc: jgreco@brasil.moneng.mei.com, terry@lambert.org, j@uriah.heep.sax.de, roberto@keltia.freenix.fr, current@FreeBSD.org, scrappy@ki.net Subject: Re: /var/mail (was: re: Help, permission problems...) Message-ID: <199610301451.IAA25819@brasil.moneng.mei.com> In-Reply-To: <MailManager.846641651.13515.mrc@Tomobiki-Cho.CAC.Washington.EDU> from "Mark Crispin" at Oct 29, 96 06:14:11 pm
next in thread | previous in thread | raw e-mail | index | archive | help
>
> On Tue, 29 Oct 1996 19:58:56 -0600 (CST), Joe Greco wrote:
> > This is bull.
>
> I give up.
>
> I told you already that it already does the type of locks that your mail.local
> expects. It also does the type of locks that other software expects, to make
> it run robustly on a variety of different systems, most of which are run by
> folks who haven't a clue what fcntl means.
>
> Has it ever dawned on any of you that a user on a FreeBSD system just might be
> getting the mail spool via NFS from a different flavor of UNIX, one that uses
> the .lock files instead? Probably not, but it's my job to think about such
> things and make sure that they work, because golly gee, people do such things.
Has it ever dawned on you that if you were to make this sort of policy
decision bubble up to the surface via a Configure-like mechanism, in the
manner that Elm does, that this would completely solve your problem?
It seems to have worked very well over many years for them, after all.
This is, in my opinion, the best solution to the problem. You can select
a set of OS-compatible defaults. More knowledgeable folks who choose to
replace vendor's crappy mail software with modern, secure alternatives can
change the defaults. Preferably without going on a 'search and destroy'
through the source code because you are inflexible and unwilling to admit
that the whole world does not need to have 1777 as their mail directory
permissions.
> The only possible problem in all of this is that you will get get a warning
> message if the attempt to create the lock file fails; and that if (and only
> if) the mail spool is delivered to using flock/fcntl, the warning can be
> disregarded and probably should not be generated.
>
> I told you how to build the code so you don't get the warning message . This
> should be quite enough for any hacker to say "thank you" and take it from
> there.
If your code complains, by default, on a FreeBSD system, then your code is
not FreeBSD-compatible.
I am looking at /etc/mtree/4.4BSD.var under NetBSD-current, and I see that
it specifies:
# ./mail
/set type=file gname=guest uname=root mode=0600
mail type=dir uname=root gname=wheel mode=0755
# ./mail
So you are not NetBSD-compatible either, it seems.
Relaxing the system security to make it "compatible" with your code is a
cheesy solution: I call it "intentionally compromising system security".
> If the FreeBSD community doesn't want to play ball with the rest of the UNIX
> world, that is its business. I understand now why Linux has taken off and
> FreeBSD has not.
Cheap shot, and not true, from everything that I can tell. People who
need reliability and security seem to use FreeBSD. Other, less educated
folks, or folks who do not care about these issues, seem to use Linux.
They are the same people who buy consumer grade ("Packard Bell") PC's to
be their hardware platform. Whoopie.
... JG
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199610301451.IAA25819>