From owner-freebsd-questions@FreeBSD.ORG Fri Apr 16 01:27:52 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2B1C916A4CE for ; Fri, 16 Apr 2004 01:27:52 -0700 (PDT) Received: from hawat.cc.ubbcluj.ro (Hawat.CC.UBBCluj.Ro [193.226.40.44]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5FEAA43D53 for ; Fri, 16 Apr 2004 01:27:51 -0700 (PDT) (envelope-from taipan@hawat.cc.ubbcluj.ro) Received: from hawat.cc.ubbcluj.ro (hawat [127.0.0.1]) by hawat.cc.ubbcluj.ro (8.12.11/8.12.11) with ESMTP id i3G8VSp4015042; Fri, 16 Apr 2004 11:31:28 +0300 (EEST) (envelope-from taipan@hawat.cc.ubbcluj.ro) Received: from localhost (taipan@localhost)i3G8VSOp015039; Fri, 16 Apr 2004 11:31:28 +0300 (EEST) (envelope-from taipan@hawat.cc.ubbcluj.ro) Date: Fri, 16 Apr 2004 11:31:27 +0300 (EEST) From: Radu MOLNAR To: Kris Kennaway In-Reply-To: <20040416074924.GA81037@xor.obsecurity.org> Message-ID: <20040416112949.Y7862@hawat.cc.ubbcluj.ro> References: <20040416095729.A16602@hawat.cc.ubbcluj.ro> <20040416103722.K33607@hawat.cc.ubbcluj.ro> <20040416074924.GA81037@xor.obsecurity.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-questions@freebsd.org Subject: Re: mail folder vulnerable X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Apr 2004 08:27:52 -0000 -------------------------------- Radu Molnar Babes-Bolyai Comunication Center -------------------------------- On Fri, 16 Apr 2004, Kris Kennaway wrote: > On Fri, Apr 16, 2004 at 10:37:36AM +0300, Radu MOLNAR wrote: > > yes, i'm using pine from ports > > > > -------------------------------- > > Radu Molnar > > Babes-Bolyai Comunication Center > > -------------------------------- > > > > > > On Fri, 16 Apr 2004, Kris Kennaway wrote: > > > > > On Fri, Apr 16, 2004 at 09:58:31AM +0300, Radu MOLNAR wrote: > > > > > > > > Hello list > > > > > > > > pine gives me this message: > > > > [Folder vulnerable - directory /var/mail must have 1777 protection] > > > > why? > > > > > > > > ls -l in my home dir: > > > > drwx------ 2 taipan wheel 512 Apr 15 09:26 mail > > > > > > > > an ls -l in /var/mail: > > > > -rw------- 1 taipan wheel 11089 Apr 16 09:52 taipan > > > > > > > > is this serious? > > > > > > I believe the error message is wrong on FreeBSD, and it should not be > > > there if you use the FreeBSD port. > > You didn't ls -ld /var/mail; mode 1777 should not be needed on > FreeBSD, but perhaps you have incorrect permissions still. Or, the > pine port could just be wrong (maybe I'm mis-remembering that the > warning was removed, or maybe it came back). > > Kris > mode for /var/mail was 1775. i changed it to 1777 and i dont get the message anymore. isn't 1777 a security risk?