[2061] in linux-security and linux-alert archive
[linux-security] Re: SUMMARY: Pine 4.02 and directory perms
daemon@ATHENA.MIT.EDU (Glynn Clements)
Tue Aug 25 08:30:30 1998
From: Glynn Clements <glynn@sensei.co.uk>
Date: Tue, 25 Aug 1998 08:40:26 +0100 (BST)
To: "J. Paul Reed" <preed@verinet.com>
Cc: linux-security@redhat.com
In-Reply-To: <Pine.LNX.4.02A.9808242238060.309-100000@localhost>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
J. Paul Reed wrote:
> Proposed Solutions
> ==================
>
> Force mail to be delivered in a user's home directory (like qmail does
> it); pine supposedly supports this, and this seemed the most popular for
> numerous reasons (quotas for that user are then enforced, no problems
> with this "feature," etc.).
This is fine if you don't mind preventing the use of all MUAs which
expects mail to live in <somedir>/<username>. Not so fine otherwise.
The quota issue is a red herring. There's no reason why you can't set
a quota on /var/spool/mail. In fact, it is often desirable to have
separate quotas for mail spools.
> If you're not pulling the mailspool over NFS, one solution is to leave
> /var/spool/mail 755, and select the "quell-lock-failure-warnings" in the
> pine setup;
This is fine if you don't mind preventing the use of all MDAs and MUAs
which insist on using dot-locking. Not so fine otherwise.
If you can count upon MDAs using both dot-locking and flock(), then
having /var/spool/mail mode 775, owned by root.mail should keep
everything happy.
> theoretically, nothing bad should happen, since a flock() does
> exist on a local machine. Step two to this solution: ignore it. ;-)
> Stay at 3.95(/6/7), which (at least for me) didn't have this problem.
>
> Note that sgid-ing pine is NOT a secure/suitable option, as the program
> doesn't seem to be disigned for it, and doing so would make the hole even
> worse.
Yep.
The ideal approach would be for Pine to have the ability to use either
a `movemail' or a `lockfile' program, which was designed to be setgid
mail.
Without one of these, Pine is useless in any environment with
NFS-mounted mail spools.
--
Glynn Clements <glynn@sensei.co.uk>
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null