procmail sets wrong permissions in /var/mail

From: Oliver Fuchs (oliverfuchsonlinehome.de)
Date: Fri Jul 01 2005 - 18:01:51 CDT


Hi,

Problem:
Using procmail as the local mailer sets the wrong permissions in /var/mail.

Scenario:

I am using OpenBSD 3.7 with sendmail Version 8.13.3:
 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
                NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG

and by using FEATURE(`local_procmail') Mlocal in sendmail.cf is:

Mlocal, P=/usr/local/bin/procmail, F=lsDFMAw5:/|qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
                T=DNS/RFC822/X-Unix,
                A=procmail -Y -a $h -d $u

Now I create a new user (adduser), e.g. bob, and send him an email from
root.
Looking at /var/mail/ shows me:
-rw-rw---- 1 bob wheel 853 Jul 2 00:30 bob

So after running /etc/security I receive:
        Checking mailbox ownership.
        user bob mailbox is -rw-rw----, group wheel

Disabling/not using FEATURE(`local_procmail') with sendmail.cf Mlocal:
Mlocal, P=/usr/libexec/mail.local, F=lsDFMAw5:/|qrmn9S, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
                T=DNS/RFC822/X-Unix,
                A=mail -d $u

and sending the new user an email from root, /var/mail gives me:
-rw------- 1 bob wheel 853 Jul 2 00:30 bob

So /etc/security is not moaning anymore.

Question:
So my issue is that using procmail as the local mailer sets the wrong
permissions.
Is this now less important and known, or is it a security
risk?
And is the only way to avoid setting these permissions to change them in
/var/mail by hand?

Oliver
--
... don't touch the bang bang fruit
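
Added example (not part of the original post, and not OpenBSD's /etc/security code): a small POSIX sh audit that reports every mailbox in a spool directory whose mode is not -rw-------, worded like the report lines quoted in the message. The function name audit_spool and the choice of -rw------- as the expected mode (the mail.local result shown above) are assumptions.

```shell
#!/bin/sh
# Added example: audit a mail spool for mailboxes that are readable or
# writable by anyone other than the owner. Expected mode -rw------- is an
# assumption taken from the mail.local listing in the post.

# audit_spool DIR
#   Prints one line per mailbox whose mode string is not -rw-------.
#   Returns 1 if at least one such mailbox exists, 0 otherwise.
audit_spool() {
    spool=$1
    bad=0
    for box in "$spool"/*; do
        # Skip sub-directories and the literal pattern left by an empty glob.
        [ -f "$box" ] || continue

        # ls -ld works on both BSD and GNU userlands. Keep only the ten
        # mode characters, because GNU ls may append "." or "+" to them.
        info=$(ls -ld "$box")
        mode=$(printf '%s\n' "$info" | cut -c1-10)
        group=$(printf '%s\n' "$info" | awk '{ print $4 }')

        # A symlink shows up as lrwxrwxrwx and is reported as well, which
        # is intended: a mailbox should be a plain file.
        if [ "$mode" != "-rw-------" ]; then
            echo "user ${box##*/} mailbox is $mode, group $group"
            bad=1
        fi
    done
    return $bad
}

# Command-line use: sh audit.sh /var/mail
if [ -n "${1:-}" ]; then
    audit_spool "$1"
fi
```

The non-zero return status lets the check run from cron or a nightly script and raise an alert only when a mailbox deviates.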