Re: non-setgid mail MUAs
>>"Matt" == Matt Kraai <kraai@alumni.carnegiemellon.edu> writes:
Matt> Howdy, Policy 3.2.1.0 states that MUAs should be setgid mail.
Matt> This is so that they can create lockfiles in /var/spool/mail.
Matt> This has the unfortunate consequence that MUA bugs can be
Matt> exploited to read the email of other users. A setgid mail
Matt> locking utility has been added to liblockfile so that MUAs that
Matt> use liblockfile do not need to be setgid mail. I have attached
Matt> a patch to policy.sgml to this effect. Assuming that this is a
Matt> reasonable request, would some developer please officially
Matt> propose it?
I suggest we have the code inplace, and have it tested, and
then get the MUA's to start using it _first_, and then we create
policy. Policy should follow tested practice, rather than lead by
vapourware.
manoj
--
Fourth Law of Applied Terror: The night before the English History
mid-term, your Biology instructor will assign 200 pages on planaria.
Corollary: Every instructor assumes that you have nothing else to do
except study for that instructor's course.
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Reply to: