Date: Wed, 30 Oct 1996 17:35:50 -0800 (PST) From: Mark Crispin <MRC@Panda.COM> To: "Jordan K. Hubbard" <jkh@time.cdrom.com> Cc: chat@FreeBSD.org Subject: Re: /var/mail (was: re: Help, permission problems...) Message-ID: <MailManager.846725750.3853.mrc@Ikkoku-Kan.Panda.COM> In-Reply-To: <1817.846725320@time.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 30 Oct 1996 17:28:40 -0800, Jordan K. Hubbard wrote: > > 8) Don't allow cretins to use your system. > > Except that ISPs are in the business of delivering service to cretins. > It's right in the business plan. Yup, which is a reason (there are others) why security-conscious ISPs don't use mail spools. As long as you have a mail spool, you still give out some very important privacy information about the user -- a bad guy can learn how much mail some other other has, when it was last written and (depending upon the OS) even when it was last read. Oh, and while you're at it, be sure that you take away setuid/setgid permissions from the mailq program, or at least modify it so that J. Random User only sees the messages she has queued.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?MailManager.846725750.3853.mrc>