
Bug#24772: debian-policy: mailboxes with perm 660



Package: debian-policy
Version: 2.4.1.2

-- BEGIN --

On Mon, Jul 13, 1998 at 06:01:31PM +0200, Santiago Vila wrote:
> 
> On Mon, 13 Jul 1998, Herbert Xu wrote:
> 
> > Package: procmail
> > Version: 3.10.7-6
> > 
> > It seems that procmail is creating mailboxes with mode 660 (the MTA is
> > sendmail) and this is quite insecure as security holes in MUA's could lead
> > to private emails being accessed by unauthorised individuals.  The correct
> > mode is of course 600.
> 
> I don't know what you mean with "of course" but policy says:
> 
> 4.5 Mail transport agents
> 
> [...]
> 
>    Mailboxes are generally 660 user.mail unless the user has chosen
>    otherwise.

OK, can someone provide that rationale for this please? It seems completely
broken to me.

-- END --

Since nobody has given a good enough reason for the suggestion in the policy,
I'm filing this bug report.

-- System Information
Debian Release: 2.0
Kernel Version: Linux gondor 2.0.34 #2 Sun Jun 21 15:45:18 EST 1998 i486 unknown
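
An added example, not part of the original message or of any Debian package: a small audit that lists each mailbox in a spool directory and says whether its mode grants access beyond the owner, which is the difference between the 660 and 600 modes discussed above. The spool it scans is a constructed temporary directory with made-up user names; point audit_spool() at a real spool path to use it.

```python
import os
import stat
import tempfile


def audit_spool(spool_dir):
    """Return (name, octal_mode, finding) for every regular file in spool_dir."""
    results = []
    for entry in sorted(os.scandir(spool_dir), key=lambda e: e.name):
        st = entry.stat(follow_symlinks=False)
        if not stat.S_ISREG(st.st_mode):
            continue  # skip lock directories, symlinks and other non-mailboxes
        mode = stat.S_IMODE(st.st_mode)
        if mode & stat.S_IRWXO:
            finding = "world-accessible"
        elif mode & stat.S_IRWXG:
            # e.g. 660: any process running with the file's group can read it
            finding = "group-accessible"
        else:
            finding = "owner-only"
        results.append((entry.name, format(mode, "03o"), finding))
    return results


def build_sample_spool():
    """Create a constructed spool with three mailboxes of different modes."""
    spool = tempfile.mkdtemp(prefix="spool-")
    for name, mode in (("alice", 0o660), ("bob", 0o600), ("carol", 0o664)):
        path = os.path.join(spool, name)
        with open(path, "w") as fh:
            fh.write("From constructed@example.invalid\n")
        os.chmod(path, mode)  # chmod is not affected by the umask
    os.mkdir(os.path.join(spool, "locks"))  # non-mailbox entry, ignored
    return spool


if __name__ == "__main__":
    for name, mode, finding in audit_spool(build_sample_spool()):
        print(f"{name:8} {mode} {finding}")
```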

