Vincent Lefevre wrote in
<20200512004344.ga175...@zira.vinc17.org>:
|On 2020-05-11 20:38:19 +0200, Steffen Nurpmeso wrote:
|> Vincent Lefevre wrote in
|> <20200510204809.ga71...@zira.vinc17.org>:
|>|Related to commit 7bd57bc3c24adf97f1f57bd6bb2fd18347f8cbbd, is
|>|dotlocking still used nowadays?
|>
|> I find yes. Or at least last i looked, some MTAs aka MDA or
|> whatever the right name is (LDA? postfix
|> (configurable), i think OpenBSDs mail.local (which saw heavy
|> modifications lately though)) create these files,
|
|OK, but it seems that all of them support fcntl locking. Under Debian,
|procmail, postfix and exim seem to use both by default. Concerning
|procmail, it is provided with a setgid /usr/bin/lockfile. For postfix,
|its documentation says:
|
|  Note: The dotlock method requires that the recipient UID or GID has
|  write access to the parent directory of the mailbox file.
|
|So it seems that dotlocking does not always work.
Well, for my MUA i propagated a >2 decade old piece of code to
a different and standalone context, made it SETUID, and happily
introduced a local root CVE. That is doable.

|> and then i think it seems sensible to embed in this locking
|> strategy. That is what i use for my MUA, though on OpenBSD, MacOS
|> and some others (Fedora at least) OPT_DOTLOCK is disabled, and on
|> Debian the maintainer has made the dotlock helper a SETGID instead
|> of a SETUID program, which should be enough for the plain Debian
|> mailspool, however.
|
|Yes, because the group can write into it:
|
|drwxrwsr-x 2 root mail 4096 2020-05-10 22:22:08 /var/mail/
|
|Now, even if dotlocking isn't dropped, I don't think that it
|should be mandatory. IMHO,
|  * one should be able to specify the location of the dotlock program
|    at run time (so that non-root users could install a more recent
|    version of Mutt in their home directory);

A real problem.

  #?0|kent:src$ ll /usr/local/libexec/s-nail-dotlock
  -r-sr-xr-x 1 root users 50520 Aug 18 2019 /usr/local/libexec/s-nail-dotlock*
  #?0|kent:src$ ll /usr/local/bin/s-nail
  -rwxr-xr-x 1 steffen steffen 4883544 Apr 26 03:01 /usr/local/bin/s-nail*

|  * one should be able to use dotlocking in an optional way, i.e.
|    just as an additional security, in addition to fcntl: if there
|    is no sufficient directory permission to create a lock file,
|    then ignore dotlocking and just rely on fcntl (which should be
|    fine for most users).

I mean fcntl is more than enough, sure. It is just that i think
(my MUA allows setting "dotlock-disable") that if you live on
a system where your local MDA uses fcntl+dotlock then you should
embed in fcntl+dotlock. The situation as you find it on multiple
systems is that the MDA is configured to use dotlock by default
(like i said, postfix release does by default unless my memory
fools me, OpenBSD mail.local also did i think), but user software,
and if only through packager decisions, just does not care.
Too many captains, too few soldiers, maybe.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
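
Added example (not part of the message above, and not code from Mutt, s-nail or any MDA): a C sketch of the "fcntl plus optional dotlock" behaviour discussed in the thread, done in-process so that no setuid/setgid helper is involved. The names mbox_lock, mbox_unlock and enum mbox_lock_result are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical names for this added example; not the Mutt or s-nail API. */
enum mbox_lock_result { MBOX_BUSY = -1, MBOX_FCNTL_ONLY = 1, MBOX_FCNTL_DOTLOCK = 2 };

static void fcntl_unlock(int fd)
{
    struct flock fl = { .l_type = F_UNLCK, .l_whence = SEEK_SET }; /* len 0: whole file */
    fcntl(fd, F_SETLK, &fl);
}

/* Take the fcntl lock first, then try "<path>.lock" as an additional lock.
 * No write permission on the spool directory downgrades to fcntl-only. */
enum mbox_lock_result mbox_lock(int fd, const char *path)
{
    struct flock fl = { .l_type = F_WRLCK, .l_whence = SEEK_SET };
    char dot[4096];
    int n = snprintf(dot, sizeof dot, "%s.lock", path);

    if (n < 0 || (size_t)n >= sizeof dot || fcntl(fd, F_SETLK, &fl) == -1)
        return MBOX_BUSY;                 /* bad path, or another process holds it */
    /* O_CREAT|O_EXCL is atomic: only one process can create the dotlock. */
    int dfd = open(dot, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IRGRP | S_IROTH);
    if (dfd >= 0) {
        close(dfd);
        return MBOX_FCNTL_DOTLOCK;
    }
    if (errno == EACCES || errno == EPERM || errno == EROFS)
        return MBOX_FCNTL_ONLY;           /* cannot create the file: rely on fcntl */
    fcntl_unlock(fd);                     /* EEXIST etc.: someone else has the dotlock */
    return MBOX_BUSY;
}

void mbox_unlock(int fd, const char *path, enum mbox_lock_result held)
{
    char dot[4096];
    int n = snprintf(dot, sizeof dot, "%s.lock", path);

    if (held == MBOX_FCNTL_DOTLOCK && n > 0 && (size_t)n < sizeof dot)
        unlink(dot);                      /* remove only a dotlock we created */
    fcntl_unlock(fd);
}
```

The sketch leaves out retry loops and stale-lock handling, and fd must be open for writing for the F_WRLCK request to be accepted.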