From 34925ba6f79e1071e608d07bb4abeb125150fa91 Mon Sep 17 00:00:00 2001
From: Gregory Neil Shapiro <gshapiro@FreeBSD.org>
Date: Fri, 24 May 2002 01:46:39 +0000
Subject: [PATCH] Add a new make.conf knob, SENDMAIL_MAP_PERMS, which specifies
 the permissions to use for alias and map database files built by
 /etc/mail/Makefile.  The default is 0640 to assist users in avoiding a file
 locking local denial of service.

MFC after:	1 day
		pending RE approval
---
 etc/mail/Makefile            | 6 ++++++
 share/examples/etc/make.conf | 5 +++++
 share/man/man5/make.conf.5   | 5 +++++
 3 files changed, 16 insertions(+)

diff --git a/etc/mail/Makefile b/etc/mail/Makefile
index 8a5a7ff6266e..1212cf9d0fbd 100644
--- a/etc/mail/Makefile
+++ b/etc/mail/Makefile
@@ -101,6 +101,9 @@ SENDMAIL?=		/usr/sbin/sendmail
 MAKEMAP?=		/usr/sbin/makemap
 M4?=			/usr/bin/m4
 
+# Permissions for generated maps
+SENDMAIL_MAP_PERMS?=	0640
+
 # Set a reasonable default
 .MAIN:	all
 
@@ -134,10 +137,12 @@ ${_f}:		${_f}.sample
 
 ${_f}.db:	${_f}
 	${MAKEMAP} ${SENDMAIL_MAP_TYPE} ${.TARGET} < ${.OODATE}
+	chmod ${SENDMAIL_MAP_PERMS} ${.TARGET}
 .endfor
 
 userdb.db:	userdb
 	${MAKEMAP} btree ${.TARGET} < ${.OODATE}
+	chmod ${SENDMAIL_MAP_PERMS} ${.TARGET}
 
 
 #
@@ -160,6 +165,7 @@ M4FILES!=	find ${SENDMAIL_CF_DIR} -type f -name '*.m4' -print
 #
 ${SENDMAIL_ALIASES}.db:	${SENDMAIL_ALIASES}
 	${SENDMAIL} -bi
+	chmod ${SENDMAIL_MAP_PERMS} ${.TARGET}
 
 #
 # ------------------------------------------------------------------------
diff --git a/share/examples/etc/make.conf b/share/examples/etc/make.conf
index eade21b2b8c2..db08016e6dac 100644
--- a/share/examples/etc/make.conf
+++ b/share/examples/etc/make.conf
@@ -301,3 +301,8 @@
 # information.
 #
 #SENDMAIL_SET_USER_ID=
+#
+# The permissions to use on alias and map databases generated using
+# /etc/mail/Makefile.  Defaults to 0640.
+#
+#SENDMAIL_MAP_PERMS=
diff --git a/share/man/man5/make.conf.5 b/share/man/man5/make.conf.5
index 47050d640fa8..d9fefa5fa033 100644
--- a/share/man/man5/make.conf.5
+++ b/share/man/man5/make.conf.5
@@ -567,6 +567,11 @@ and do not install
 Use of this flag is not recommended and the alternative advice in
 .Pa /etc/mail/README
 should be followed instead if at all possible.
+.It Va SENDMAIL_MAP_PERMS
+.Pq Vt str
+Mode to use when generating alias and map database files using
+.Pa /etc/mail/Makefile .
+The default value is 0640.
 .It Va WANT_FORCE_OPTIMIZATION_DOWNGRADE
 .Pq Vt int
 Causes the system compiler to be built such that it forces high optimization