On Sat, Jan 23, 2016 at 08:31:09PM +0100, Ingo Schwarze wrote: > Hi, > > the smtpd(8) daemon supports "deliver to maildir" out of the box, > and even though putting the user maildirs below /var/mail/ is not > the default, it's one of many possible and logical choices, and i > see nothing wrong with it.
This was discussed several times before. The last one I remember is [1]. > Adam Wolk noticed on misc@ that currently security(8) doesn't > like that choice. I consider the complaint gratuitious and the > code to prevent it simple enough that i'd like to commit it. Personally, I think it makes sense to stay restrictive with the check in security and I moved away my maildirs from /var/mail years ago for this reason. Maybe it should be documented in hier(7) that only mbox is intended... [1] http://marc.info/?l=openbsd-misc&m=133460345221298&w=2 > Any OKs? > Ingo > > > Index: security > =================================================================== > RCS file: /cvs/src/libexec/security/security,v > retrieving revision 1.36 > diff -u -p -r1.36 security > --- security 21 Jul 2015 19:07:13 -0000 1.36 > +++ security 23 Jan 2016 19:09:21 -0000 > @@ -449,7 +449,7 @@ sub check_dot_writeable { > } > } > > -# Mailboxes should be owned by the user and unreadable. > +# Mailboxes should be owned by the user, and readable by the user only. > sub check_mailboxes { > my $dir = '/var/mail'; > nag !(opendir my $dh, $dir), "opendir: $dir: $!" and return; > @@ -464,7 +464,9 @@ sub check_mailboxes { > my $gname = (getgrgid $fgid)[0] // $fgid; > nag $fname ne $name, > "user $name mailbox is owned by $fname"; > - nag S_IMODE($mode) != (S_IRUSR | S_IWUSR), > + my $wantmode = S_IRUSR | S_IWUSR; > + $wantmode |= S_IXUSER if -d "$dir/$name"; > + nag S_IMODE($mode) != $wantmode, > sprintf 'user %s mailbox is %s, group %s', > $name, strmode($mode), $gname; > } >
