Date: Fri, 07 Jun 1996 05:39:22 -0700
From: Paul Traina <pst@shockwave.com>
To: security@freebsd.org
Cc: committer@freebsd.org, core@freebsd.org, hackers@freebsd.org
Subject: FreeBSD's /var/mail permissions
Message-ID: <199606071239.FAA19708@precipice.shockwave.com>

General problem:
Currently, /var/mail is set 0755 and mail.local is setuid root.
Any program which needs to *create* a new file in /var/mail must
be setuid root. Any program which wishes to manipulate a user mail
file needs no special permissions (other than user permissions).
I consider this a generic bug, even though there's a specific
reason motivating me to change it.
Specific problem:
Previous versions of the popper port created a temporary file
".pop.username" in /var/mail as root, and then chowned the file
over to the user. This was changed to avoid a potential race
condition. The file creation is now done at user level.
When I discussed this with the author of popper, he was adamant
that /var/mail should be 1755 (ala 4.3BSD) or 775 with a group
of mail (ala USG...barf).
If popper were the only problem, I'd consider choosing a
different directory for this temporary file to be created, such
as /var/tmp. This leads to a new set of problems and I consider
it less secure than maintaining the file in /var/mail as we have
always done.
Proposed solution:
I'm considering creating group "mail" and going the setgid route,
so that a program which creates files in /var/mail can be simply
setgid mail.
This is a well understood mail directory protection mechanism
and employs the "principle of least privilege."
Impact:
Programs that expect the current semantics will still work just
fine (we wouldn't need to change elm or mail.local). All we
are doing is allowing setgid mail delivery programs create
access to /var/mail.
Comments?
I hate changing permissions on such a vital hunk of FreeBSD without
discussion. Please TRIM THE CC LINE and keep all discussion in
security@freebsd.org as opposed to the other lists.
Paul
