From owner-freebsd-security  Fri Apr 30  7:42: 2 1999
Delivered-To: freebsd-security@freebsd.org
Received: from ns1.sminter.com.ar (ns1.sminter.com.ar [200.10.100.10])
	by hub.freebsd.org (Postfix) with ESMTP id 94A8B14C45
	for <freebsd-security@FreeBSD.ORG>; Fri, 30 Apr 1999 07:41:53 -0700 (PDT)
	(envelope-from fpscha@ns1.sminter.com.ar)
Received: (from fpscha@localhost)
          by ns1.sminter.com.ar (8.8.5/8.8.4)
	  id LAA09081; Fri, 30 Apr 1999 11:37:12 -0300 (GMT)
From: Fernando Schapachnik <fpscha@ns1.sminter.com.ar>
Message-Id: <199904301437.LAA09081@ns1.sminter.com.ar>
Subject: Re: Does mail.local need to be setuid-root?
In-Reply-To: <Pine.BSF.3.96.990430100145.16784G-100000@fledge.watson.org> from Robert Watson at "Apr 30, 99 10:09:36 am"
To: robert+freebsd@cyrus.watson.org
Date: Fri, 30 Apr 1999 11:37:12 -0300 (GMT)
Cc: pjlobo@euitt.upm.es, freebsd-security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL40 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

En un mensaje anterior, Robert Watson escribió:
> On Fri, 30 Apr 1999, Pedro J. Lobo wrote:
> 
> > Hello, people.
> > 
> > I have a 3.1-RELEASE machine which, among other tasks, acts as a mail and
> > telnet server for out students. Recently I noticed that several users were
> > using more disk space than his quotas should allow (!). After a bit of
> > investigation, I have traced down the problem to the mail system.
> > 
> > The problem is that you cand send mail to a user that is over quota, and
> > the system will append the new message to its inbox (located in /var/mail,
> > as by default). Indeed, root can append data to a file that belongs to a
> > user that is over quota.
> > 
> > As you may see, it is a rather ugly "feature". So, the question is: does
> > /usr/libexec/mail.local need to be setuid root? Or, alternatively, can I
> > use /usr/bin/mail as the local mailer? I also administer an alpha with
> > Tru64 Unix 4.0d and it uses /bin/mail (no setuid/setgid) as the local
> > mailer.

You can use procmail with doesn't need suid.

Regards.



Fernando P. Schapachnik
Administración de la red
VIA Net Works Argentina SA


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message