
Re: Another minor security query...

Ian Murdock writes:
> This is because /var/spool/mail should have the setgid bit set
> and be owned by root.mail; try `chmod 3777 /var/spool/mail ; chown
> root.mail /var/spool/mail'.  It was incorrect in 0.91.

Much as I hate to disagree with Ian, I must point out once again that
/var/spool/mail should be mode 2775, group owner mail.

A world-writeable mail spool is a security hole: at the very least it
allows users to arrange to receive others' mail. [*]

Any programs that need to access the mail spool (for example, to
create lockfiles) have to be made setgid to group mail, obviously
after checking that they take appropriate security precautions.

At least some versions (and I believe all recent ones) of Elm, mailx
and Emacs's movemail do take these precautions; as I said when this
came up last time, I can't speak for mh's inc.

Any mail programs that aren't yet sufficiently secure to be made
setgid mail will need to be fixed before inclusion in Debian.


[*] This is not a hypothetical attack -- I have carried out the
experiment.  My mail transport is Smail 3.1.28, compiled by myself.
