From: George Scott
Date: Fri, 12 Apr 1996 12:49:40 +1000
Subject: Re: /var/mail default permissions??
To: current@freebsd.org
Message-id: <199604120249.MAA25698@moa.cc.monash.edu.au>
Sender: owner-current@freebsd.org

>> I thought /var/mail was supposed to be mode 1777 on BSD systems??
>
> No. This would allow someone to create a bogus mailbox on behalf of someone
> else (assuming one didn't yet exist) that could then be read by people other
> than the intended recipient.
> This issue has been thrashed out many times before...

I have seen this type of thing many times in the past. Someone asks
"Shouldn't X be set to Y instead of Z" and the answer is "No, Z is correct
because ....". This indicates, to me, a documentation problem.

I would be the first to admit that I'm not good at documenting things, but
that doesn't stop me throwing stones!

I think that every time we have one of these 24 hour debates a comment should
be added to the source code (or wherever is appropriate) indicating why
things are the way they are. This would save much effort in the future when
someone else asks the same question.

For this particular example a good place might be in /etc/mtree/BSD.var.dist
and the comment something along the lines of:

# /var/mail shouldn't be 1777 since this would allow someone to create a bogus
# mailbox on behalf of someone that could then be read by others.

George.
--
George Scott, Caulfield Computer Centre, Monash University
Email: George.Scott@cc.monash.edu.au
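
The condition discussed in this message can be checked on a running system. The script below is an added example, not part of the original message or of FreeBSD: it reports whether a spool directory is writable by everyone and lists mailboxes not owned by the user they are named for. The function names and the demo spool (including the user name "constructed-user") are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a mail spool for pre-created ("bogus") mailboxes.
# Usage: script [SPOOL_DIR]; with no argument a constructed demo runs.

# Succeeds if "other" may create files in DIR (e.g. mode 1777 or 0777).
spool_world_writable() {
    [ -n "$(find "$1" -prune -type d -perm -0002 2>/dev/null)" ]
}

# Print the owning user (numeric uid if it has no passwd entry).
owner_of() {
    ls -ld -- "$1" | awk '{print $3}'
}

# Print one line per mailbox that is not owned by the user it is named
# after, or that "other" can read. Mailbox files are named after users.
suspect_mailboxes() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        owner=$(owner_of "$f")
        if [ "$owner" != "$name" ]; then
            echo "$name: owned by $owner"
        elif [ -n "$(find "$f" -prune -perm -0004)" ]; then
            echo "$name: readable by others"
        fi
    done
}

# Constructed demo: a throwaway spool with mode 1777 and two mailboxes.
demo() {
    d=$(mktemp -d) || return 1
    chmod 1777 "$d"
    me=$(owner_of "$d")
    ( umask 077; : > "$d/$me" )               # owner matches the name
    ( umask 077; : > "$d/constructed-user" )  # created by somebody else
    spool_world_writable "$d" && echo "spool is world-writable"
    suspect_mailboxes "$d"
    rm -rf "$d"
}

if [ "$#" -ge 1 ]; then
    spool_world_writable "$1" && echo "$1 is world-writable"
    suspect_mailboxes "$1"
else
    demo
fi
```
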