Re: should /var/spool/mail/ have a the sticky bit set? ...

Fri, 30 Mar 2001 17:52:43 -0600 

On Fri, Mar 30, 2001 at 11:16:37AM -0500, Walter Tautz wrote:
> i am getting mailbox locking problems
> here is an 
> 
> strace mail
> 
> <SNIP>
> 
> open("/var/spool/mail/<myhostname>.cf86b", 
> O_WRONLY|O_CREAT|O_TRUNC|O_EXCL|O_SYNC, 0) = -1 EACCES
> (Permission denied)
[snip]
> 
> 
> ls -l /var/spool/mail
> drwxrwsr-x    2 root     mail         4096 Mar 30 11:13 ./
> 
> On Solaris and /var/mail has a sticky bit set 
> ls -ald /var/mail/
> drwxrwxrwt   3 root     mail         1024 Mar 30 11:15 /var/mail/
> 

the problem is you updated to the mailx package in
security.debian.org, the old one had a security hole that allowed
users to get gid=mail.  since mailx's code is a pile of crap as far as
security is concerned debian (and some other distros) just said hell
with it and removed the setgid bit altogether.  this means mail can
only be used to send mail and not read it (well you can read it, but
not delete or write the mailbox in any way) 

solaris is just using a world writable maildrop which of course needs
the sticky bit.  world writable maildrops eliminate the need for
setgid mail programs but introduce many ways for users to be
annoying/malicious.  if you change the permissions on /var/mail to
1777 then mailx will work, but i don't really recommend this.  get a
Real Mailer like mutt.  

the sticky bit has nothing to do with the problem you are having, the
problem is mail has no write permission to /var/mail since its no
longer setgid mail.  i do recommend having the sticky bit set on
/var/mail anyway since it reduces the severity of a gid=mail exploit
significantly -- a gid=mail exploit just effectivly turns your
/var/mail into the solaris style world writable /var/mail.  except
this is dependent on your MTA, sendmail and exim are broken in that
they insist on creating mailspools mode 660 group=mail which means any
gid=mail exploit compromises every single user's mail spool.  i prefer
postfix which creates mailspools mode 600 group=mail.  

using postfix + mode 3775 /var/mail makes a gid=mail exploit quite
uninteresting.  given the number of setgid mail programs i don't want
to rely on 2775 root.mail being secure.  

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgp99cnlHfGan.pgp
Description: PGP signature

Reply via email to