Another minor security query...

[imurdock@gnu.ai.mit.edu]

   Date: Wed, 6 Apr 94 09:52 PDT
   From: pat@it.com.au (Pat Mackinlay)

   I'm not sure if it's a local problem or not, but my (pretty standard)
   Debian 0.91 system (or elm, to be more precise) keeps changing the gid
   of my mailbox files to the default gid of the user, rather than to gid
   "mail". This *is* a security hole, as the permissions are 660. Is this
   another elm bug?

Yes.  This is because /var/spool/mail should have the setgid bit set
and be owned by root.mail; try `chmod 3777 /var/spool/mail ; chown
root.mail /var/spool/mail'.  It was incorrect in 0.91.

Ian Murdock <imurdock@gnu.ai.mit.edu>