Henning Brauer <[email protected]> wrote: >* Craig R. Skinner <[email protected]> [2013-12-19 10:18]: >> On 2013-12-18 Wed 20:48 PM |, J??r??mie Courr??ges-Anglas wrote: >> > [email protected] (Craig R. Skinner) writes: >> > > On 2013-12-18 Wed 15:54 PM |, Stuart Henderson wrote: >> > >> > > > > Check the security of /var/mail/dirs similar to >/var/mail/boxes: >> > >> > > >> > >> >> > >> Indeed, but security(8) really reflects things in the base OS, >> > >> >> > > >> > > smtpd.conf(8) >> > > deliver to maildir path >> > > Mail is added to a maildir. Its location, path, may >> > > contain format specifiers that are expanded before use >> > > >> > > >> > > Therefore: ... deliver to maildir /var/mail/%{user.username} >> > "Therefore"? How so? What's the logic, here? >> THEREFORE software in base can deliver to maildir in /var/mail > >THEREFORE software in base can also deliver mail to >/omgohmymail/pr0n/$uid - does that mean we check it in security? > >The question is rather wether Maildirs in /var/mail are a common >enough setup to warrant a check in security.
I totally agree with Henning here. That said, I ended up putting my Maildirs in /var/maildir because of this, so I for one wouldn't object. /Alexander
