Re: Policy: Mail folder creation (Re: Debian mutt package)

To: Thomas Roessler <roessler@guug.de>
Cc: debian-devel@lists.debian.org, debian-policy@lists.debian.org, 30433@bugs.debian.org
Subject: Re: Policy: Mail folder creation (Re: Debian mutt package)
From: md@linux.it (Marco d'Itri)
Date: Wed, 9 Dec 1998 00:19:06 +0100
Message-id: <[🔎] 19981209001906.F4059@wonderland.linux.it>
In-reply-to: <[🔎] 19981207224021.B4780@sobolev.rhein.de>; from Thomas Roessler on Mon, Dec 07, 1998 at 10:40:21PM +0100
References: <19981207172313.E28380@sobolev.rhein.de> <19981207212107.F4510@wonderland.linux.it> <19981207172313.E28380@sobolev.rhein.de> <19981207211915.E4510@wonderland.linux.it> <[🔎] 19981207224021.B4780@sobolev.rhein.de>

On Dec 07, Thomas Roessler <roessler@guug.de> wrote:
 >>   30433  mutt: Mutt doesn't create the user's mail file as dictated by
 >> policy manual
[...]
 >The reason for this is simple: From a least-privilege point of view,
 >the one and only privileged operation a MUA ever needs to perform is
 >locking and unlocking the spool file.  This can nicely be put into
 >an external program, as mutt demostrates.  Removing or creating the
 >user's spool file is an additional and unnecessary privileged
 >operation in a configuration like Debian's.  It's a security breach
 >on systems with a mode 1777 mail spool.
I think this is a very sensible rationale.
If noone objects I will reassign the bugs against mutt to the policy
package.

-- 
ciao,
Marco

Reply to:

Follow-Ups:
- Re: Policy: Mail folder creation (Re: Debian mutt package)
  - From: Oscar Levi <elf@buici.com>

References:
- Policy: Mail folder creation (Re: Debian mutt package)
  - From: Thomas Roessler <roessler@guug.de>

Prev by Date: Re: New guile packages
Next by Date: Re: X v3.3.3
Previous by thread: Re: Policy: Mail folder creation (Re: Debian mutt package)
Next by thread: Re: Policy: Mail folder creation (Re: Debian mutt package)
Index(es):
- Date
- Thread