This is another long-standing proposed patch (since July of last year) that didn't receive much comment.
Russ Allbery <r...@debian.org> writes:

> Josip Rodin <j...@debbugs.entuzijast.net> writes:
>> On Sat, Jul 05, 2008 at 04:26:25PM -0700, Russ Allbery wrote:
>>> Here is a proposed change to loosen this requirement. Please comment.

>>> One concern that I have with allowing either permission scheme is that
>>> if an MUA needs to recreate the spool file, how should it know what
>>> permissions to use?

>> I guess we should grep the sources of a few MUAs (and MDAs) to see what
>> they do. In the meantime, the new phrasing is still much better than
>> the current text :)

> If someone has time to do that investigation, I think that would be very
> worthwhile.

I'm going to take Josip's note there as a second, but so far as I know, no one has yet done the research to check mailbox recreation. I don't feel like that's necessary in advance of this change, but it would be nice.

This is a ping for this proposed change for additional seconds or objections. It would relax the requirement in Policy that mail spool files be mode 0660 and permit them to be mode 0600 if the MDA system used does deliveries as the user.

> --- a/policy.sgml
> +++ b/policy.sgml
> @@ -8062,12 +8062,27 @@ > http://localhost/doc/<var>package</var>/<var>filename</var> > </p> > > <p> > - Mailboxes are generally mode 660 > - <tt><var>user</var>:mail</tt> unless the system > - administrator has chosen otherwise. A MUA may remove a > - mailbox (unless it has nonstandard permissions) in which > - case the MTA or another MUA must recreate it if needed. > - Mailboxes must be writable by group mail. > + Mailboxes are generally either mode 600 and owned by > + <var>user</var> or mode 660 and owned by > + <tt><var>user</var>:mail</tt><footnote> > + There are two traditional permission schemes for mail spools: > + mode 600 with all mail delivery done by processes running as > + the destination user, or mode 660 and owned by group mail with > + mail delivery done by a process running as a system user in > + group mail. Historically, Debian required mode 660 mail > + spools to enable the latter model, but that model has become > + increasingly uncommon and the principle of least privilege > + indicates that mail systems that use the first model should > + use permissions of 600. If delivery to programs is permitted, > + it's easier to keep the mail system secure if the delivery > + agent runs as the destination user. Debian Policy therefore > + permits either scheme. > + </footnote>. The local system administrator may choose a > + different permission scheme; packages should not make > + assumptions about the permission and ownership of mailboxes > + unless required (such as when creating a new mailbox). A MUA > + may remove a mailbox (unless it has nonstandard permissions) in > + which case the MTA or another MUA must recreate it if needed. > </p> > > <p>
-- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>
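Review bot: the open question from the thread is still unanswered in the new wording: a program that has to create a mailbox (the "such as when creating a new mailbox" case) is given two permitted schemes, 600 owned by user or 660 owned by user:mail, but no rule for choosing between them, and the retained sentence "A MUA may remove a mailbox (unless it has nonstandard permissions)" no longer has a single standard to compare against. Suggest adding one sentence after "(such as when creating a new mailbox)" stating how the creator determines the scheme in use on this system (for instance from the mode and group of the spool directory, or from whether the local delivery agent runs as the destination user), and rewording the MUA sentence to "(unless its permissions differ from both schemes described above)". Also, removing "Mailboxes must be writable by group mail." drops the only normative "must" in the paragraph and leaves "generally" doing the work; if the intent is that a mailbox must be in one of the two schemes unless the administrator has chosen otherwise, say so with "must" rather than "generally".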
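The recreation question raised above (how does an MUA or MDA that must create a spool file know which of the two permitted schemes to use, and how does it tell a "nonstandard" mailbox from a standard one?) is concrete enough to show in code. The following is an added example written for this page; it is not from the Policy text, from Russ's patch, or from any Debian MUA or MDA. It assumes one workable heuristic for choosing the scheme, namely that a spool directory that is group-owned by the delivery group, group-writable and setgid indicates the 660 user:mail model and anything else indicates the 600 model; Policy does not specify that test, and the function names, the `delivery_gid` parameter and the throwaway spool directory used by `demo()` are all constructed for illustration. The creation path opens with `O_EXCL|O_NOFOLLOW` and sets the mode with `fchmod` after the open so that a pre-planted symlink cannot redirect the create and the caller's umask cannot change the chosen permissions, and the classifier refuses to treat symlinks, hard-linked files, or files with other owners or modes as either standard scheme.

```python
import os
import stat
import tempfile

MODE_BITS = 0o7777  # permission bits plus setuid/setgid/sticky


def spool_scheme(spool_dir, delivery_gid):
    """Return the mailbox mode implied by the spool directory's layout.

    Heuristic (an assumption of this example, not a Policy rule): a spool
    directory that is group-owned by the delivery group, group-writable
    and setgid is set up for a delivery agent running in group mail, so
    mailboxes there are 660 user:mail.  Otherwise deliveries are assumed
    to run as the destination user and mailboxes are 600.
    """
    st = os.stat(spool_dir)
    shared = (st.st_gid == delivery_gid
              and st.st_mode & stat.S_ISGID
              and st.st_mode & stat.S_IWGRP)
    return 0o660 if shared else 0o600


def create_mailbox(spool_dir, user, uid, delivery_gid):
    """Create an empty mailbox for `user` under the directory's scheme.

    O_EXCL|O_NOFOLLOW means a symlink or file planted at the path by
    someone else fails the create instead of being followed; fchmod after
    the open makes the final mode independent of the umask.  Ownership is
    only changed when running as root, since only root can chown to
    another user.  Returns the mode bits actually set on the file.
    """
    mode = spool_scheme(spool_dir, delivery_gid)
    path = os.path.join(spool_dir, user)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, mode)
    try:
        os.fchmod(fd, mode)
        if os.geteuid() == 0:
            # 660 scheme: group must be the delivery group; 600: leave as is
            os.fchown(fd, uid, delivery_gid if mode == 0o660 else -1)
    finally:
        os.close(fd)
    return stat.S_IMODE(os.stat(path).st_mode)


def classify_mailbox(path, uid, delivery_gid):
    """Report which permitted scheme an existing mailbox follows.

    Returns "user-only" (600, owned by uid), "group-mail" (660, owned by
    uid and the delivery group) or "nonstandard" for anything else,
    including symlinks, hard-linked files, other owners and extra bits.
    An MUA should only remove or recreate a mailbox in a standard state.
    """
    st = os.lstat(path)  # lstat: never follow a symlink here
    if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1 or st.st_uid != uid:
        return "nonstandard"
    mode = st.st_mode & MODE_BITS
    if mode == 0o600:
        return "user-only"
    if mode == 0o660 and st.st_gid == delivery_gid:
        return "group-mail"
    return "nonstandard"


def demo():
    """Exercise both schemes in a constructed temporary spool directory."""
    results = {}
    with tempfile.TemporaryDirectory() as spool:
        uid = os.getuid()
        gid = os.stat(spool).st_gid  # stands in for group "mail"
        os.chmod(spool, 0o2770)      # shared-group layout: setgid + g+w
        results["shared_mode"] = create_mailbox(spool, "alice", uid, gid)
        results["shared_class"] = classify_mailbox(
            os.path.join(spool, "alice"), uid, gid)
        os.chmod(spool, 0o755)       # per-user layout: no setgid, no g+w
        results["user_mode"] = create_mailbox(spool, "bob", uid, gid)
        bob = os.path.join(spool, "bob")
        results["user_class"] = classify_mailbox(bob, uid, gid)
        os.chmod(bob, 0o666)         # tampered: world-writable is not a scheme
        results["tampered_class"] = classify_mailbox(bob, uid, gid)
        os.symlink("/etc/passwd", os.path.join(spool, "mallory"))
        results["symlink_class"] = classify_mailbox(
            os.path.join(spool, "mallory"), uid, gid)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, oct(value) if isinstance(value, int) else value)
```

`demo()` uses the temporary directory's own group in place of `mail` so the example runs unprivileged; on a real system the caller would pass `grp.getgrnam("mail").gr_gid` and run `create_mailbox` either as the destination user (600 scheme) or as a root-privileged delivery agent that can hand the file to the user (660 scheme).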