Date: Thu, 17 Aug 2000 08:48:20 -0700 (PDT) From: "geniusj (Jason DiCioccio)" <w@nk.vg> To: Markus Holmberg <markush@acc.umu.se> Cc: freebsd-security@freebsd.org Subject: Re: Purpose of world being able to see the mail queue? Message-ID: <Pine.BSF.4.10.10008170847470.4762-100000@Mercury.unixrules.net> In-Reply-To: <20000817131804.A24557@acc.umu.se>
next in thread | previous in thread | raw e-mail | index | archive | help
Change it then :).. I don't think we need a global default change for this however.. It's not really a vulnerability and probably better left to the administrator to decide. -jd- On Thu, 17 Aug 2000, Markus Holmberg wrote: > Hi.. > > Recently I noticed that /var/log/maillog was stored world readable > and contains each messages sender and recipient information (at least > Postfix by default stores this, can't remember if Sendmail > does?). > > This isn't a big issue, but still I was surprised considering the > unnecessary exposure of details in the systems users mail communication. > I was about to ask why maillog wasn't stored as read/write for root only, > when I discovered that also the mail queue (using mailq) also was world > readable. This also seemed to be the case with the Linux and Solaris > systems I tested. > > I don't expect any mail transport node on the path to the destination to > expose the envelope information "unnecessarily" (although of course I can > absolutely not *assume* that), and therefore neither expect my own MTA > to do that.. (yes, I might have naive expectations, in that case I need > to fix them :)) > > What is the rationale behind having the MTA by default exposing > information on who the users on the system receive and send > mail to through the mail log and the message queue? > (The mail queue information seemed to be world viewable (with mailq) on > all Unix systems I tested.) > > I understand that the envelope information of a mail message can not > be considered private, but this seems like unnecessary exposure..? > > I'm interested in enlightenment/opinions on this subject :).. > > In a way I'm hesitating to send this out now, because I realize the > similarity of this issue with standard unix concepts. For example > "viewing who else is logged in", "viewing other users processes" etc > which are totally given in a Unix environment. But now when I think > about it, are even these really justified? > > Regards, Markus. > > -- > > Markus Holmberg | Give me Unix or give me a typewriter. > markush@acc.umu.se | http://www.freebsd.org/ > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10008170847470.4762-100000>