Date: Tue, 26 Jun 2001 14:28:53 +0300 From: Valentin Nechayev <netch@lucky.net> To: Leonard Chung <leonard@ssl.berkeley.edu> Cc: security@FreeBSD.ORG Subject: Re: "Correct" permissions on /var/mail? Message-ID: <20010626142853.B33308@lucky.net> In-Reply-To: <5.1.0.14.2.20010624140225.02d492f0@chung.yikes.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Sun, Jun 24, 2001 at 14:11:54, leonard wrote about ""Correct" permissions on /var/mail?": > I was having a debate with a colleague the other day on the correct mode > for /var/mail. He claimed that 1777 is more secure than what I've always > had (the FreeBSD default of root:mail 775). 1777 has the only advantage that it doesn't require sgid privileges for MUAs. But such solution is not less harmful due to new /tmp in /var/mail. Better variant is to fix MUA to use separate locking program (such as mutt-dotlock) or even get rid of /var/mail as ugly legacy. Keep all incoming mail in user's home and "your teeth will be white anf fluffy". > 1777 gives you the additional benefit of protecting you from compromises on > the mail group, but requires that on every machine quotas be installed even > for machines with just one or two users. Without quotas, a malicious user > could fill up /var/mail creating a DoS for everybody receiving mail off > that machine. 775 doesn't protect against compromises of the mail group, > but has the added benefit that it protects against a user filling /var/mail > inadvertently as they would have to purposely send lots of e-mail. Requirement to have /var/mail as separate partition is too hard for most applications. /netch To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010626142853.B33308>