Re: Policy: Mail folder creation (Re: Debian mutt package)
On Dec 07, Thomas Roessler <roessler@guug.de> wrote:
>> 30433 mutt: Mutt doesn't create the user's mail file as dictated by
>> policy manual
[...]
>The reason for this is simple: From a least-privilege point of view,
>the one and only privileged operation a MUA ever needs to perform is
>locking and unlocking the spool file. This can nicely be put into
>an external program, as mutt demostrates. Removing or creating the
>user's spool file is an additional and unnecessary privileged
>operation in a configuration like Debian's. It's a security breach
>on systems with a mode 1777 mail spool.
I think this is a very sensible rationale.
If noone objects I will reassign the bugs against mutt to the policy
package.
--
ciao,
Marco
Reply to: