Re: mailbox vulnerability?

["Chris K. Young" <cky_(_at_)_pobox_(_dot_)_com>]

Quoted from tdemarti:
> I'm running pine on an OpenBSD box that has only a local disk (no NFS).

Good, then you don't need dot locking. It's only under NFS, where there
is no other reliable locking mechanism, that dot locking is useful.

> Pine tells me there are two things I can do,
> "quell-lock-failure-warnings", or chmod 1777 /var/mail.

For ``obvious'' reasons, I wouldn't recommend the latter.

>        It says that quell-lock-failure-warnings will have it use system
> call file locking instead, but judging from the name of the feature it
> sounds like it just doesn't report the error.

I don't use pine myself, but I suspect that it just shuts up about not
being able to make dotfiles. Other locking mechanisms, like flock(),
should still be honoured.

But I'll let some pine users give an authoritative answer on that one.

If you really really want to use dotlocking, consider:

1. making /var/mail owned by group ``mail'', with permissions 0775
   (this is less secure than the default setup of 0755, but some find
   it reasonable).

2. making pine use mutt-dotlock, or something similar. mutt-dotlock
   is a setgid program that comes with mutt, that handles dot-locking.

>                                                                    Do I
> have to worry about a malicious user creating a file of the same name of
> the mailbox to be created and somehow getting permissions to the mailbox
> that way, or when the first mail comes in will it delete the non-mailbox
> file?

If your local delivery program is worth a salt (e.g., procmail), it
will check the ownership of the mailbox before delivering to it.
``Bogus'' mailboxes get moved out of the way.

	---Chris K.
-- 
 Chris, the Young One |_ If you can't afford a backup system, you can't 
  Auckland, New Zealand |_ afford to have important data on your computer. 
http://cloud9.hedgee.com/ |_ ---Tracy R. Reed