On 20 Dec 2013, at 2:56 am, Alexander Hall <[email protected]> wrote:
> Henning Brauer <[email protected]> wrote:
>> * Craig R. Skinner <[email protected]> [2013-12-19 10:18]:
>>> On 2013-12-18 Wed 20:48 PM |, Jérémie Courrèges-Anglas wrote:
>>>> [email protected] (Craig R. Skinner) writes:
>>>>> On 2013-12-18 Wed 15:54 PM |, Stuart Henderson wrote:
>>>>>>>>>> Check the security of /var/mail/dirs similar to /var/mail/boxes:
>>>>>>>>
>>>>>>
>>>>>> Indeed, but security(8) really reflects things in the base OS,
>>>>>>
>>>>>
>>>>> smtpd.conf(8)
>>>>> deliver to maildir path
>>>>> Mail is added to a maildir. Its location, path, may
>>>>> contain format specifiers that are expanded before use
>>>>>
>>>>>
>>>>> Therefore: ... deliver to maildir /var/mail/%{user.username}
>>>> "Therefore"? How so? What's the logic, here?
>>> THEREFORE software in base can deliver to maildir in /var/mail
>>
>> THEREFORE software in base can also deliver mail to
>> /omgohmymail/pr0n/$uid - does that mean we check it in security?
>>
>> The question is rather whether Maildirs in /var/mail are a common
>> enough setup to warrant a check in security.
>
> I totally agree with Henning here.
>
> That said, I ended up putting my Maildirs in /var/maildir because of this, so
> I for one wouldn't object.

I also put maildirs in /var/maildir...

>
> /Alexander
