Re: [tpop3d-discuss] tpop3d, sendmail and owner of mailbox
From: Chris Lightfoot
Subject: Re: [tpop3d-discuss] tpop3d, sendmail and owner of mailbox
Date: Wed, 14 Nov 2001 12:43:39 +0000
On Wed, Nov 14, 2001 at 12:36:57PM +0000, Chris Elsworth wrote:
> On Wed, Nov 14, 2001 at 09:51:47AM +0000, Chris Lightfoot wrote:
>
> > The reason that mail-group can be chosen in the above way
> > is that on some systems, /var/spool/mail is group mail,
> > g+w, so that a program needs to be setgid mail to write a
> > lock file. On other systems, /var/spool/mail is 1777, a
> > far more sensible default, and anyone can write a lock
> > file into /var/spool/mail.
>
> Not to start an argument or anything, but I share the view that the only
> mode 1777 directory on the entire system should be /tmp.
>
> Any mode 1777 directory has the potential of being filled up (by anyone
> who wants to), thus rendering the partition useless for valid applications
> - I could fill up the drive with any old file in /var/spool/mail if its
> mode 1777, and from that point on, nobody gets any mail.
>
> Group mail, and g+w, is, in my opinion, the more sensible protection
> scheme. Opinions will vary :)
Ah, what would be the fun of having a mailing list without
the occasional flame-war....
The counterarguments are:
- group mail g+w means that all mail clients must be
setgid mail in order to do locking properly, and
therefore introduce an additional security exposure;
- if somebody is sufficiently silly to try to fill up
/var/spool/mail, it will be fairly obvious who is
responsible;
- suitably-configured user disk quotas make this all
kind of irrelevant anyway.
The real solution is probably not to use dot-locking at
all, given that fcntl now (a) works and (b) is universally
supported.
--
With Age comes Wisdom - but sometimes Age travels alone
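As an added illustration of the fcntl() alternative raised in the message above (example code written for this page, not from tpop3d or the list): a whole-file advisory lock on the mailbox itself needs no write permission on /var/spool/mail at all, so the locking program needs neither setgid mail nor a 1777 spool directory. The mailbox path, the helper names and the sample mailbox contents are constructed for the demo.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Whole-file advisory write lock via fcntl(). Only write access to the
 * mailbox itself is needed (it is opened O_RDWR); the spool directory's
 * mode is irrelevant, unlike dot-locking which must create a file there. */
int mailbox_lock(int fd, int want_lock)
{
    struct flock fl;
    memset(&fl, 0, sizeof fl);
    fl.l_type   = want_lock ? F_WRLCK : F_UNLCK;
    fl.l_whence = SEEK_SET;
    fl.l_start  = 0;
    fl.l_len    = 0;                /* 0 = from l_start to end of file */
    return fcntl(fd, F_SETLK, &fl); /* non-blocking: EAGAIN/EACCES if held */
}

/* Constructed demo: make a throwaway mailbox in the temp dir, lock it in
 * this process, then let a child process try the same lock. fcntl locks
 * are owned per process, so the conflict is only visible from a second
 * process. Returns 1 if the child was refused (expected), 0 if it was
 * wrongly granted the lock, -1 on a setup error. */
int demo_lock_conflict(void)
{
    char path[] = "/tmp/mbox-demo-XXXXXX";   /* hypothetical mailbox */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);                             /* keep the fd, drop the name */
    if (write(fd, "From demo\n", 10) != 10) return -1;
    if (mailbox_lock(fd, 1) != 0) return -1;

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* child: inherits the fd but not the parent's lock ownership */
        int rc = mailbox_lock(fd, 1);
        _exit((rc != 0 && (errno == EAGAIN || errno == EACCES)) ? 1 : 0);
    }
    int status = 0;
    waitpid(pid, &status, 0);
    mailbox_lock(fd, 0);
    close(fd);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Note that fcntl() locks are advisory: every reader and writer of the mailbox (the MTA's local delivery agent as well as the POP daemon) must use the same locking scheme for it to protect anything.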