buf oflows, deal with 1777 spool, general DOS attack protection

1 files changed, 10 insertions, 1 deletions

diff --git a/libexec/mail.local/mail.local.8 b/libexec/mail.local/mail.local.8
index ed7263abb75..ee622409201 100644
--- a/libexec/mail.local/mail.local.8
+++ b/libexec/mail.local/mail.local.8
@@ -30,7 +30,7 @@
 .\" SUCH DAMAGE.
 .\"
 .\"	from: @(#)mail.local.8	6.8 (Berkeley) 4/27/91
-.\"	$Id: mail.local.8,v 1.2 1996/08/27 03:17:57 dm Exp $
+.\"	$Id: mail.local.8,v 1.3 1996/08/29 04:19:32 deraadt Exp $
 .\"
 .Dd April 27, 1991
 .Dt MAIL.LOCAL 8
@@ -77,6 +77,15 @@ A blank line is appended to each message.
 A greater-than character (``>'') is prepended to any line in the message
 which could be mistaken for a ``From '' delimiter line.
 .Pp
+Efforts have been made so that
+.Nm mail.local
+act as securely as possible if the spool directory modes are 1777 or 755.
+The default of 755 is more secure, but prevents mail clients from using all
+styles of locking.  The use of 1777 is more flexible in an NFS shared-spool
+environment, thus many sites use it. However it does carry some risks.
+The use of any mode besides 1777 and 755 for the spool directory is
+recommended against, but may work properly.
+.Pp
 By default, mailbox locking is done with
 .Nm username.lock
 files. However, if the