Ingo Schwarze
2016-01-23 19:31:09 UTC
Hi,
the smtpd(8) daemon supports "deliver to maildir" out of the box,
and even though putting the user maildirs below /var/mail/ is not
the default, it's one of many possible and logical choices, and i
see nothing wrong with it.
Adam Wolk noticed on misc@ that currently security(8) doesn't
like that choice. I consider the complaint gratuitious and the
code to prevent it simple enough that i'd like to commit it.
Any OKs?
Ingo
Index: security
===================================================================
RCS file: /cvs/src/libexec/security/security,v
retrieving revision 1.36
diff -u -p -r1.36 security
--- security 21 Jul 2015 19:07:13 -0000 1.36
+++ security 23 Jan 2016 19:09:21 -0000
@@ -449,7 +449,7 @@ sub check_dot_writeable {
}
}
-# Mailboxes should be owned by the user and unreadable.
+# Mailboxes should be owned by the user, and readable by the user only.
sub check_mailboxes {
my $dir = '/var/mail';
nag !(opendir my $dh, $dir), "opendir: $dir: $!" and return;
@@ -464,7 +464,9 @@ sub check_mailboxes {
my $gname = (getgrgid $fgid)[0] // $fgid;
nag $fname ne $name,
"user $name mailbox is owned by $fname";
- nag S_IMODE($mode) != (S_IRUSR | S_IWUSR),
+ my $wantmode = S_IRUSR | S_IWUSR;
+ $wantmode |= S_IXUSER if -d "$dir/$name";
+ nag S_IMODE($mode) != $wantmode,
sprintf 'user %s mailbox is %s, group %s',
$name, strmode($mode), $gname;
}
the smtpd(8) daemon supports "deliver to maildir" out of the box,
and even though putting the user maildirs below /var/mail/ is not
the default, it's one of many possible and logical choices, and i
see nothing wrong with it.
Adam Wolk noticed on misc@ that currently security(8) doesn't
like that choice. I consider the complaint gratuitious and the
code to prevent it simple enough that i'd like to commit it.
Any OKs?
Ingo
Index: security
===================================================================
RCS file: /cvs/src/libexec/security/security,v
retrieving revision 1.36
diff -u -p -r1.36 security
--- security 21 Jul 2015 19:07:13 -0000 1.36
+++ security 23 Jan 2016 19:09:21 -0000
@@ -449,7 +449,7 @@ sub check_dot_writeable {
}
}
-# Mailboxes should be owned by the user and unreadable.
+# Mailboxes should be owned by the user, and readable by the user only.
sub check_mailboxes {
my $dir = '/var/mail';
nag !(opendir my $dh, $dir), "opendir: $dir: $!" and return;
@@ -464,7 +464,9 @@ sub check_mailboxes {
my $gname = (getgrgid $fgid)[0] // $fgid;
nag $fname ne $name,
"user $name mailbox is owned by $fname";
- nag S_IMODE($mode) != (S_IRUSR | S_IWUSR),
+ my $wantmode = S_IRUSR | S_IWUSR;
+ $wantmode |= S_IXUSER if -d "$dir/$name";
+ nag S_IMODE($mode) != $wantmode,
sprintf 'user %s mailbox is %s, group %s',
$name, strmode($mode), $gname;
}