
Re: RfD: documentation for statically assigned uid and gid



On Fri, Jun 02, 2000 at 10:19:03AM +1000, Herbert Xu wrote:
> What this all comes down to is whether the MDA has root privilege to begin
> with.  If it does, then it can switch to the user later on which means that
> the mail boxes can be 600.  If it doesn't, then it must be of group mail
> and the mail boxes must be 660.  AFAIK, all Debian MDAs are run as root
> by default.

procmail and deliver are, maildrop isn't, it's just setgid mail. I have
maildrop set up to run from ~/.forward and it works fine with my 600 $MAIL.

> Having an MDA sgid mail may be safer than running it as root, but it also
> opens a new security concern.  Since the group mail is overloaded with
> another meaning, i.e., mail readers use it to lock mail boxes.

Setgid mail on both MDAs and MUAs should be used just to lock mailboxes, not
to access other files with group mail. The MTA, which has root, should
invoke the MDA with the user and group IDs of the user it delivers mail to.
The $MAIL file, and any mailboxes (or maildirs) under $HOME are (should be)
owned and writable by the user, so the program has the writability it needs
with the user's ID already.

-- 
Digital Electronic Being Intended for Assassination and Nullification
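
Added example, not part of the original message: a small Python model of the Unix write-permission check, applied to the delivery setups discussed in this thread (root MDA, setgid-mail MDA, MDA run from ~/.forward). All UIDs, GIDs and scenario names are constructed for illustration.

```python
import stat
from collections import namedtuple

# Constructed sample IDs for illustration; real systems assign their own.
ALICE_UID, ALICE_GID = 1000, 1000
BOB_UID, BOB_GID = 1001, 1001
DAEMON_UID, MAIL_GID = 1, 8

Mailbox = namedtuple("Mailbox", "mode uid gid")
Creds = namedtuple("Creds", "euid egid groups")

def can_write(box, creds):
    """Unix DAC write check: exactly one permission class applies."""
    if creds.euid == 0:                       # root bypasses the mode bits
        return True
    if creds.euid == box.uid:                 # owner class
        return bool(box.mode & stat.S_IWUSR)
    if box.gid == creds.egid or box.gid in creds.groups:  # group class
        return bool(box.mode & stat.S_IWGRP)
    return bool(box.mode & stat.S_IWOTH)      # other class

def scenarios():
    box_600 = Mailbox(0o600, ALICE_UID, ALICE_GID)  # user-owned, private
    box_660 = Mailbox(0o660, ALICE_UID, MAIL_GID)   # group mail may write
    root_mda = Creds(0, 0, ())
    sgid_as_daemon = Creds(DAEMON_UID, MAIL_GID, ())        # no root, not the user
    sgid_as_alice = Creds(ALICE_UID, MAIL_GID, (ALICE_GID,))  # run from ~/.forward
    sgid_as_bob = Creds(BOB_UID, MAIL_GID, (BOB_GID,))      # another user's sgid tool
    return {
        "root MDA, 600 box": can_write(box_600, root_mda),
        "sgid MDA without user's uid, 600 box": can_write(box_600, sgid_as_daemon),
        "sgid MDA without user's uid, 660 box": can_write(box_660, sgid_as_daemon),
        "sgid MDA run as the user, 600 box": can_write(box_600, sgid_as_alice),
        "other user's sgid-mail process, 600 box": can_write(box_600, sgid_as_bob),
        "other user's sgid-mail process, 660 box": can_write(box_660, sgid_as_bob),
    }

if __name__ == "__main__":
    for name, allowed in scenarios().items():
        print(f"{name:45s} write={'yes' if allowed else 'no'}")
```

With 600 mailboxes owned by the user, group mail grants nothing on the mailbox itself; with 660 group-mail mailboxes, every process holding group mail can write every mailbox.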


