Re: Possible mail spool problem

From: CyberPsychotic (mlistsat_private)
Date: Thu Nov 05 1998 - 21:02:10 PST

Next message: Paolo Amendola: "Re: another /usr/dt/bin/dtappgather feature!"

Previous message: Pierre Belanger: "Re: Communicator 4.5 stores EVERY mail-password in preferences.js"
Maybe in reply to: signal: "Possible mail spool problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

~ Following installation of suse 5.1, the setup software sets the mail spool
~ directory world writable, which has a potential of causing some security
~ problems.  although I have checked alot of possible forms of exploiting
~ this, there is probably some I have missed.  removing the o+w bit from the
~ directory will surely solve the problems.
~

They should have sticky bit set there as well (I don't have suse anywhere
around so can not check). However, many lattest mail clients (such as pine
3.96 and latter,procmail) attempt to create lock file in /var/spool/mail,
one of solutions for this problem would be to make this dir world writable
and sticky bit -- on.


Fyodor

Next message: Paolo Amendola: "Re: another /usr/dt/bin/dtappgather feature!"
Previous message: Pierre Belanger: "Re: Communicator 4.5 stores EVERY mail-password in preferences.js"
Maybe in reply to: signal: "Possible mail spool problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:22:20 PDT