Date: Fri, 16 Apr 2004 01:38:28 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Radu MOLNAR <taipan@hawat.cc.ubbcluj.ro>
Cc: Kris Kennaway <kris@obsecurity.org>
Subject: Re: mail folder vulnerable
Message-ID: <20040416083828.GA81799@xor.obsecurity.org>
In-Reply-To: <20040416112949.Y7862@hawat.cc.ubbcluj.ro>
References: <20040416095729.A16602@hawat.cc.ubbcluj.ro> <20040416072714.GA80802@xor.obsecurity.org> <20040416103722.K33607@hawat.cc.ubbcluj.ro> <20040416074924.GA81037@xor.obsecurity.org> <20040416112949.Y7862@hawat.cc.ubbcluj.ro>

On Fri, Apr 16, 2004 at 11:31:27AM +0300, Radu MOLNAR wrote:

> mode for /var/mail was 1775. It should be 0775.
> I changed it to 1777 and I don't get the
> message anymore. Isn't 1777 a security risk?

Not really, but it does allow people to store arbitrary files there,
which you don't necessarily want. Mode 0775 is sufficient for FreeBSD
since the MTA has permission to write to the directory by virtue of
group membership.

Kris

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040416083828.GA81799>
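
Added example, not part of the original message: a Python sketch of the permission reasoning in the reply above, showing who can create files in a spool directory under modes 0775, 1775 and 1777. The uid and gid numbers are constructed for illustration and are not taken from any real system.

```python
import os
import stat
import tempfile

def can_create(mode, dir_uid, dir_gid, uid, gids):
    """True if a process with (uid, gids) may create files in the directory."""
    if uid == 0:                      # root bypasses the mode bits
        return True
    if uid == dir_uid:                # exactly one class applies: owner,
        bits = mode >> 6
    elif dir_gid in gids:             # then group,
        bits = mode >> 3
    else:                             # then other
        bits = mode
    return (bits & 0o3) == 0o3        # needs write (2) + search (1)

def audit_spool(path):
    """Report the mode properties of a spool directory discussed in the reply."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return {
        "mode": "%04o" % mode,
        # world-writable: any local user can store files here
        "world_writable": bool(mode & stat.S_IWOTH),
        # sticky: only a file's owner (or the directory owner) may remove it
        "sticky": bool(mode & stat.S_ISVTX),
    }

def demo():
    # Constructed IDs: spool owned by uid 0, group 6; the MTA runs as uid 26
    # with group 6; an ordinary user is uid 1001 with only group 1001.
    rows = []
    for mode in (0o0775, 0o1775, 0o1777):
        rows.append((
            "%04o" % mode,
            can_create(mode, 0, 6, 26, {6}),        # MTA, via group membership
            can_create(mode, 0, 6, 1001, {1001}),   # unrelated local user
        ))
    return rows

if __name__ == "__main__":
    for mode, mta, user in demo():
        print(f"{mode}: MTA can deliver={mta}  any user can create files={user}")
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o1777)
        print(audit_spool(d))
```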