Date: Tue, 9 Apr 1996 23:47:23 -0700 (PDT) From: "Rodney W. Grimes" <rgrimes@GndRsh.aac.dev.com> To: peter@jhome.DIALix.COM (Peter Wemm) Cc: current@freebsd.org Subject: Re: /var/mail default permissions?? Message-ID: <199604100647.XAA15909@GndRsh.aac.dev.com> In-Reply-To: <199604100556.NAA03118@jhome.DIALix.COM> from Peter Wemm at "Apr 10, 96 01:56:20 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> I thought /var/mail was supposed to be mode 1777 on BSD systems?? Not according to the Sendmail BAT book... Also see revsions 1.10 and 1.11 of src/etc/mtree/BSD.var.dist... > mail.local was designed to work in that scenario and has specific code to make > sure it's secure.. (granted, the net-2 mail.local may not have been solid, but > the 4.4BSD mail.local has been secure since the encumbered release and later > in the Lite releases) Though mail.local can be sure it does safe things in there, making this world writeable allows a very easy denial of service attack: cat /dev/zero >/var/mail/bigone (no noone can get mail on the system :-(). Which then would probably stop syslogd logging... (but then, they could do this with /var/tmp too (a good reason to move /var/tmp out of the /var partition if you want to make sure your logging can not easily be defeated by filling /var up.) -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Reliable computers for FreeBSD
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199604100647.XAA15909>