Bug#24772: debian-policy: mailboxes with perm 660
Package: debian-policy
Version: 2.4.1.2
-- BEGIN --
On Mon, Jul 13, 1998 at 06:01:31PM +0200, Santiago Vila wrote:
>
> On Mon, 13 Jul 1998, Herbert Xu wrote:
>
> > Package: procmail
> > Version: 3.10.7-6
> >
> > It seems that procmail is creating mailboxes with mode 660 (the MTA is
> > sendmail) and this is quite insecure as security holes in MUA's could lead
> > to private emails being accessed by unauthorised individuals. The correct
> > mode is of course 600.
>
> I don't know what you mean with "of course" but policy says:
>
> 4.5 Mail transport agents
>
> [...]
>
> Mailboxes are generally 660 user.mail unless the user has chosen
> otherwise.
OK, can someone provide that rationale for this please? It seems completely
broken to me.
-- END --
Since nobody has given a good enough reason for the suggestion in the policy,
I'm filing this bug report.
-- System Information
Debian Release: 2.0
Kernel Version: Linux gondor 2.0.34 #2 Sun Jun 21 15:45:18 EST 1998 i486 unknown
--
To UNSUBSCRIBE, email to debian-qa-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: