[linux-security] Re: SUMMARY: Pine 4.02 and directory perms

[Glynn Clements <glynn sensei co uk>]

J. Paul Reed wrote:

> Proposed Solutions
> ==================
> 
> Force mail to be delivered in a user's home directory (like qmail does
> it); pine supposedly supports this, and this seemed the most popular for
> numerous reasons (quotas for that user are then enforced, no problems
> with this "feature," etc.).

This is fine if you don't mind preventing the use of all MUAs which
expects mail to live in <somedir>/<username>. Not so fine otherwise.

The quota issue is a red herring. There's no reason why you can't set
a quota on /var/spool/mail. In fact, it is often desirable to have
separate quotas for mail spools.

> If you're not pulling the mailspool over NFS, one solution is to leave
> /var/spool/mail 755, and select the "quell-lock-failure-warnings" in the
> pine setup;

This is fine if you don't mind preventing the use of all MDAs and MUAs
which insist on using dot-locking. Not so fine otherwise.

If you can count upon MDAs using both dot-locking and flock(), then
having /var/spool/mail mode 775, owned by root.mail should keep
everything happy.

> theoretically, nothing bad should happen, since a flock() does
> exist on a local machine. Step two to this solution: ignore it. ;-)

> Stay at 3.95(/6/7), which (at least for me) didn't have this problem.
> 
> Note that sgid-ing pine is NOT a secure/suitable option, as the program
> doesn't seem to be disigned for it, and doing so would make the hole even
> worse.

Yep.

The ideal approach would be for Pine to have the ability to use either
a `movemail' or a `lockfile' program, which was designed to be setgid
mail.

Without one of these, Pine is useless in any environment with
NFS-mounted mail spools.

-- 
Glynn Clements <glynn sensei co uk>