Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 16 Apr 2004 00:49:24 -0700
From:      Kris Kennaway <kris@obsecurity.org>
To:        Radu MOLNAR <taipan@hawat.cc.ubbcluj.ro>
Cc:        Kris Kennaway <kris@obsecurity.org>
Subject:   Re: mail folder vulnerable
Message-ID:  <20040416074924.GA81037@xor.obsecurity.org>
In-Reply-To: <20040416103722.K33607@hawat.cc.ubbcluj.ro>
References:  <20040416095729.A16602@hawat.cc.ubbcluj.ro> <20040416072714.GA80802@xor.obsecurity.org> <20040416103722.K33607@hawat.cc.ubbcluj.ro>
next in thread | previous in thread | raw e-mail | index | archive | help 

--mP3DRpeJDSE+ciuQ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Apr 16, 2004 at 10:37:36AM +0300, Radu MOLNAR wrote:
> yes, i'm using pine from ports
>=20
> --------------------------------
> Radu Molnar
> Babes-Bolyai Comunication Center
> --------------------------------
>=20
>=20
> On Fri, 16 Apr 2004, Kris Kennaway wrote:
>=20
> > On Fri, Apr 16, 2004 at 09:58:31AM +0300, Radu MOLNAR wrote:
> > >
> > > Hello list
> > >
> > > pine gives me this message:
> > > [Folder vulnerable - directory /var/mail must have 1777 protection]
> > > why?
> > >
> > > ls -l in my home dir:
> > > drwx------   2 taipan  wheel       512 Apr 15 09:26 mail
> > >
> > > an ls -l in /var/mail:
> > > -rw-------  1 taipan  wheel  11089 Apr 16 09:52 taipan
> > >
> > > is this serious?
> >
> > I believe the error message is wrong on FreeBSD, and it should not be
> > there if you use the FreeBSD port.

You didn't ls -ld /var/mail; mode 1777 should not be needed on
FreeBSD, but perhaps you have incorrect permissions still.  Or, the
pine port could just be wrong (maybe I'm mis-remembering that the
warning was removed, or maybe it came back).

Kris

--mP3DRpeJDSE+ciuQ
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFAf5AEWry0BWjoQKURAljoAKDaQ3CajXgxtmwugoxnv/mEFd7rnwCglRo6
o9X5Go/NiKsw9DnJe5MTBfY=
=L039
-----END PGP SIGNATURE-----

--mP3DRpeJDSE+ciuQ--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040416074924.GA81037>