On Mon, Apr 09, 2001 at 11:25:20AM -0500, Jaldhar H. Vyas wrote:
> On Mon, 9 Apr 2001, Ethan Benson wrote:
>
> > i would like to know why policy even suggests mailspools have 660
> > user.mail permissions, postfix being a sane mailer sets permissions to
> > 600 user.mail.  making mailspools writable by group mail does nothing
> > but make a gid=mail exploit disastrous where it would ordinarily be
> > rather boring.  (especially if you change /var/mail permissions to
> > 3775)
> >
>
> In bug #24772 against debian-policy, Herbert Xu asked the same thing.  He
> also asked for a rationale for the current policy.  The amendment was
> rejected and no rationale was given afaict.

no reason for the rejection was given either.  all that's mentioned in
that bug report is that pine has `permissions issues'

i fail to see why pine -- which is run by the *user* needs group write
permission if you own the file and the owner has rw then you and
everything you run has rw.

if pine has some screwball requirements i don't think that should
mandate unsecure policy.  especially since pine is not even in debian,
its non-free.

besides that i installed pine on a box running postfix this summer and
the only `permissions issue' it had was complaining on startup that
/var/spool/mail was mode 2775 instead of 1777, it was only a complaint
and it seemed to work fine otherwise (well as fine as pine `works').

> So Policy Gods, please enlighten us!

indeed, this should be changed 660 is a security hole.  in fact i
would propose that /var/mail permissions be changed from 2775 to 3775
to prevent a gid=mail exploit from allowing users to rm -rf everyone
else's mail.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
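An added example, not part of the original message: a shell audit for the two conditions discussed above, mailboxes that are group-writable (660) and a spool directory without the sticky bit (2775 rather than 3775). The function names and the temporary sample spool are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample spool are illustrative.

# audit_spool DIR: print one finding per line, return 1 if any were found.
audit_spool() {
    dir=$1
    rc=0
    # Mode 2775 lacks the sticky bit, so any process with gid mail can
    # unlink or rename every mailbox in the directory; 3775 prevents that.
    if [ ! -k "$dir" ]; then
        echo "DIR_NOT_STICKY $dir"
        rc=1
    fi
    # Mode 660 mailboxes are writable by group mail; 600 is owner-only.
    gw=$(find "$dir" -maxdepth 1 -type f -perm -020 | sort)
    if [ -n "$gw" ]; then
        printf '%s\n' "$gw" | sed 's/^/GROUP_WRITABLE_MAILBOX /'
        rc=1
    fi
    return $rc
}

# make_sample_spool: build a constructed spool in a temp dir, print its path.
make_sample_spool() {
    s=$(mktemp -d) || return 1
    : > "$s/alice"; chmod 660 "$s/alice"   # mode the message objects to
    : > "$s/bob";   chmod 600 "$s/bob"     # mode the message says postfix sets
    chmod 2775 "$s"                        # setgid, no sticky bit
    echo "$s"
}

# Demo on constructed data: audit, apply the proposed modes, audit again.
demo=$(make_sample_spool)
audit_spool "$demo" || true
chmod 3775 "$demo"
chmod 600 "$demo/alice"
audit_spool "$demo" && echo "clean: $demo"
rm -rf "$demo"
```

On a real system, run `audit_spool /var/mail` with enough privilege to read the directory; the function only reads metadata and changes nothing.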