Date: Sat, 13 Jan 2001 09:50:40 -0500 (EST) From: Matt Piechota <piechota@argolis.org> To: Christian Weisgerber <naddy@mips.inka.de> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Majordomo lists security Message-ID: <Pine.BSF.4.21.0101130948060.14541-100000@cithaeron.bsdonline.org> In-Reply-To: <93phq4$1q24$1@kemoauc.mips.inka.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 13 Jan 2001, Christian Weisgerber wrote: > > I was notably concerned when I saw the administrative password > > for each list stored clear text in a predictable world readable > > file/directory. :-) > > You may get away with o-r on the .config files (aren't they already?), > but the subscriber list itself must remain world-readable. Is this for sendmail itself? Sendmail runs as root (which isn't good, except in this case), so it can read anything it wants, regardless of permissions. Or am I mistaken somewhere? -- Matt Piechota http://www.emailempire.com/~piechota To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0101130948060.14541-100000>