Date: Fri, 22 Jun 2001 21:06:48 +0300 From: Valentin Nechayev <netch@iv.nn.kiev.ua> To: Nuno Teixeira <nuno.mailinglists@pt-quorum.com> Cc: freebsd-stable@FreeBSD.ORG Subject: Re: /var/mail permissions: 0755 or 01777 ? Message-ID: <20010622210648.A1493@iv.nn.kiev.ua> In-Reply-To: <20010621224558.F335-100000@gateway.bogus>; from nuno.mailinglists@pt-quorum.com on Thu, Jun 21, 2001 at 10:53:57PM %2B0100 References: <20010622001925.A1597@iv.nn.kiev.ua> <20010621224558.F335-100000@gateway.bogus>
next in thread | previous in thread | raw e-mail | index | archive | help
Thu, Jun 21, 2001 at 22:53:57, nuno.mailinglists (Nuno Teixeira) wrote about "Re: /var/mail permissions: 0755 or 01777 ?": > In this particular case there is a security problem like you told me? Possibly. Permissions like `1777' are *UGLY* workaround to allow mail delivery agents to create mailboxes and lockfiles. Mailbox creating is needed in rare case when mailbox does not exist yet. Locking via file creating (/var/mail/${user}.lock for /var/mail/${user}) is one way to lock mailbox during mail delivery (which is nesessary to keep messages integrity and disallow them to interfere). Another popular way is to use flock(). flock() is BSD tradition. File lock is SysV tradition. procmail, e.g., uses both. Permissions `1777' are ugly because they allow any user to create any file in such directory. Any bad guy can set TMPDIR to such /var/mail and use it as temporary storage(!!) There are some another ways. Old way which is considered now as also insecure is to give 0775 root:mail to /var/mail and sgid:mail for mail readers. Keeping /var/mail paradigm, the correct way is to use separate simple, small and well-audited sgid:mail program to create and drop file locks. mutt-dotlock is such program. Pine is not adapted to use analog of mutt-dotlock. It expects sgid:mail rights or 1777 for /var/mail. This is because I say bad words against Pine. But it is obligated in such context to say that the whole idea of /var/mail is wrong and can be used only as way for compatibility with amoebas and dinosaurs of early Unix versions. Mailbox is another dinosaur. To avoid problems with locks in /var/mail, keep inbox in home. To avoid locks, use maildir. Mutt supports maildir, procmail supports maildir, and one has no strict reason now to work with ancient ghosts. > I start using Pine when I came from (MS) Outlook Express about a year and > this program is the best that I found with the best options to work with > mail. > I read a lot about Mutt 'the mongrel' but I think it isn't the best > choice for newbies like me. I recommend Mutt itself for newbies. But let's skip discussion on tastes. /netch To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010622210648.A1493>