non-setgid mail MUAs
Howdy,
Policy 3.2.1.0 states that MUAs should be setgid mail. This is so that
they can create lockfiles in /var/spool/mail. This has the unfortunate
consequence that MUA bugs can be exploited to read the email of other
users. A setgid mail locking utility has been added to liblockfile so
that MUAs that use liblockfile do not need to be setgid mail. I have
attached a patch to policy.sgml to this effect. Assuming that this is a
reasonable request, would some developer please officially propose it?
Matt
--- policy.sgml.orig Mon Aug 28 11:17:29 2000
+++ policy.sgml Mon Aug 28 11:22:08 2000
@@ -3168,10 +3168,11 @@
Mailboxes must be writable by group mail.</p>
<p>
- The mail spool is 2775 <tt>root.mail</tt>, and MUAs should
- be setgid mail to do the locking mentioned above (and
- must obviously avoid accessing other users' mailboxes
- using this privilege).</p>
+ The mail spool is 2775 <tt>root.mail</tt>, and MUAs which do
+ not use liblockfile should be setgid mail to do the locking
+ mentioned above (and must obviously avoid accessing other
+ users' mailboxes using this privilege). MUAs which do use
+ liblockfile should not be setgid mail.</p>
<p>
<tt>/etc/aliases</tt> is the source file for the system mail
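Review bot: The last added sentence ("MUAs which do use liblockfile should not be setgid mail") drops the privilege without saying how such an MUA is then expected to create lockfiles in a spool that is still 2775 root.mail. A policy reader who has not seen the accompanying mail cannot tell that liblockfile now provides a setgid mail locking helper. Suggest saying so in the paragraph, and adding that such MUAs must depend on a liblockfile version that ships the helper, so that a package does not drop setgid mail while built against an older library and lose the ability to lock. The retained parenthetical "(and must obviously avoid accessing other users' mailboxes using this privilege)" now applies only to the MUAs that stay setgid; it would read more clearly as its own sentence tied to that case.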