[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Mail semantics: mail group, permissions, MTA/MDA suid/sgid and the like



Hi,

Red Hat/Fedora mail delivery is not using the sticky-bit method, but
works with the mail group idiom.

Does anyone have a good design document of the latter somewhere? I
couldn't find anything detailed on the net and some parts I had to try
find out experimentally (which, if I'm triggering a bug, may be
wrong). So, I'm writing a few bits together and will make that a wiki
page out of it, when some open questions are filled out.

OK, the basic given is that /var/mail is 0775 root:mail which means
that only root and group mail can write into it, which includes
dotlocking. The system mbox are owned by the user and are group
mail. Furthermore the blessed locking mechanisms are fcntl and
dotlock.

Questions:

a) Does every MDA and MUA need to do both locking mechanisms or is
   dotlocking the fallback to fcntl? The latter would be an issue, so
   it should probably be both for every MDA/MUA.

b) What are the proper permissions for the system mboxes 0600 or 0660?
   The latter implies that group mail can do nasty things.

c) Under which group should an MDA run as?

   If the system mbox has not been created yet, it needs to be running
   as group mail. Also if dotlocking is required the MDA again needs
   to be running as group mail, or needs to have an external sgid
   dotlocking program (like procmail does).

   If the MDA allows external programs like .forward/procmail/maildrop
   the user can effectively become group mail whenever he wants. If the
   system mboxes are mode 0660 this is devastating.

I think the answers are

a) both
b) 0600
c) <user>:mail

In that case any MTA/MDA using 0660 is broken which includes at least exim.
-- 
Axel.Thimm at ATrpms.net

Attachment: pgp2LZJm6FzQD.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]