Subject: Re: /var/mail permissions...
To: None <fair@clock.org>
From: Mike Long <mikel@shore.net>
List: current-users
Date: 05/27/1997 20:33:11
>Date: Sat, 24 May 1997 12:19:36 -0700
>From: "Erik E. Fair" (Time Keeper) <fair@clock.org>

>We need to be consistent about system mailbox locking. If we want to use
>link ('dot') locking, then the directory has to be writable by mere mortals
>(and we gotta modify the mtree stuff). If we decide that flock(2) is The
>Way, then the permissions that /var/mail comes with are just fine, since
>only mail.local will be creating files in there. Just using flock(2) will
>mean that locking won't work on NFS'd /var/mail partitions, but NFS-based
>locks never did work anyway, so only very foolish people actually NFS their
>/var/mail partitions...

Uh, what?  Dot-locking should work just fine on NFS partitions.

>Either way, Mail(1) needs to be fixed.

I proposed a while ago that we make mail(1) setgid, like SYSV does.
However, before we can do that we need to verify that mail(1) is
setgid-safe, i.e. it doesn't suffer from buffer overflow problems &c.
I made an initial scan and plugged some holes, but I'm sure I didn't
get them all.  Until that is done, making mail(1) setgid-mail is
unsafe.
-- 
Mike Long <mikel@shore.net>                http://www.shore.net/~mikel
"Every normal man must be tempted at times to spit on his hands,
hoist the black flag, and begin slitting throats." -- H.L. Mencken
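
An added example, not part of the original message or of the NetBSD sources: the link ('dot') locking scheme discussed in this thread, written in C. The function names and the sample mailbox path are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Take <mbox>.lock with link(2). Returns 0 on success, -1 with errno set:
 * EEXIST = lock held by someone else, EACCES = spool directory not writable. */
int dotlock_acquire(const char *mbox)
{
    char host[256] = "localhost", lock[1024], tmp[1024];
    struct stat st;
    int fd, err;
    gethostname(host, sizeof host - 1); /* host+pid: unique across NFS clients */
    if (snprintf(lock, sizeof lock, "%s.lock", mbox) >= (int)sizeof lock ||
        snprintf(tmp, sizeof tmp, "%s.%s.%ld", mbox, host, (long)getpid()) >= (int)sizeof tmp) {
        errno = ENAMETOOLONG;
        return -1;
    }
    /* This create is why the directory must be writable by the caller. */
    fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0444);
    if (fd < 0) return -1;
    close(fd);
    /* link(2) is atomic, but its reply can be lost over NFS, so the link
     * count of tmp, not the return value, decides whether we own the lock. */
    err = (link(tmp, lock) == 0) ? 0 : errno;
    if (stat(tmp, &st) == 0 && st.st_nlink == 2)
        err = 0;
    else if (err == 0)
        err = EEXIST;
    unlink(tmp);
    errno = err;
    return err ? -1 : 0;
}

int dotlock_release(const char *mbox)
{
    char lock[1024];
    if (snprintf(lock, sizeof lock, "%s.lock", mbox) >= (int)sizeof lock)
        return -1;
    return unlink(lock);
}

int main(void)
{
    const char *mbox = "./demo-mbox"; /* constructed path, not a real spool */
    if (dotlock_acquire(mbox) != 0) { perror("dotlock_acquire"); return 1; }
    return dotlock_release(mbox) != 0;
}
```

Run as an unprivileged user against a directory that user cannot write to, `dotlock_acquire` fails at the `open` call with `EACCES`, which is the permission problem the thread is about.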