Bug#470994: marked as done (mail_spool default mode is 0660)

Sat, 15 Mar 2008 01:02:45 -0700 

Your message dated Sat, 15 Mar 2008 08:57:13 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Re: Bug#470994: mail_spool default mode is 0660
has caused the Debian Bug report #470994,
regarding mail_spool default mode is 0660
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
470994: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470994
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message --- 
Package: exim4-config

Hi,

The package's /etc/exim4/conf.d/transport/30_exim4-config_mail_spool
says:

  group = mail
  mode = 0660
  mode_fail_narrower = false

Why is this so, again? The manual says that the default is to use the Exim
group and mode 0600. I can't remember any reason why the mail group would be
necessary, for anything other than creating the dot locks in the /var/mail
directory, and that is allowed already by the directory permissions (it's
g+w mail).

I suppose using group 'mail' just makes sense, but why would we let the said
group read and write user mailboxes? I suppose there could be some software
that could need it, but if the common uses like mutt and dovecot don't need
it, and indeed it only serves for privilege escalations in those setups,
shouldn't the default be changed back to the more secure settings?

-- 
     2. That which causes joy or happiness.

--- End Message ---
--- Begin Message --- 
On Sat, Mar 15, 2008 at 01:27:25AM +0100, Josip Rodin wrote:
> The package's /etc/exim4/conf.d/transport/30_exim4-config_mail_spool
> says:
> 
>   group = mail
>   mode = 0660
>   mode_fail_narrower = false
> 
> Why is this so, again?

Policy 11.6, paragraph 4, a MUST directive.

Closing this bug.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190

--- End Message ---

Reply via email to