On Mon, 14 May 2001 04:24:10 EDT, Casper Dik writes:
>
> By forcing a file permission of 600 on mailboxes, group mail should not
> gain you anything.

Under some older Solaris releases (e.g., including 2.5.1), the /etc/mail
directory belongs to group mail and is group-writable, by default; that'll
gain you plenty.

Sun has fixed this in recent releases, but if you're running a backrev OS,
it would be wise to "chmod g-w /etc/mail" (or remove the setgid bit from
all utilities in group mail).

/var/mail/:saved is also writable by group mail by default--even under
Solaris 8. (/bin/[r]mail allegedly uses this directory "for holding temp
files to prevent loss of data in the event of a system crash"; does it do
so safely, or might gaining gid-mail open up symlink attacks?)

--
Dan Astoorian
Sysadmin, CSLab
djastat_private
www.cs.toronto.edu/~djast/

People shouldn't think that it's better to have loved and lost than never
loved at all. It's not, it's better to have loved and won. All the other
options really suck. --Dan Redican
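The permission checks discussed in this message, collected into one audit function. This is an added example, not part of the original post or of any Solaris tooling. The function name, the output tags, the optional root prefix, and the /usr/bin, /usr/sbin and /usr/lib search paths are assumptions.

```shell
#!/bin/sh
# Added example: audit the group-mail exposure points named in the message.
# Usage: audit_mail_perms [ROOT] [GROUP]
#   ROOT  prefix to audit (default /), e.g. a mounted image or a test tree
#   GROUP group name or numeric gid to look for on setgid files (default mail)
# Prints one line per finding and returns 1 if anything was found, else 0.
# The WRITABLE/MAILBOX/SETGID tags are this example's own output format.

audit_mail_perms() {
    root=${1:-/}
    group=${2:-mail}
    found=0

    # Directories the message names as group-writable by default.
    for d in "$root/etc/mail" "$root/var/mail/:saved"; do
        [ -d "$d" ] || continue
        # -prune stops descent; -perm -020 matches when group write is set.
        if [ -n "$(find "$d" -prune -perm -020)" ]; then
            echo "WRITABLE $d"
            found=1
        fi
    done

    # Mailboxes are expected to be exactly mode 600.
    for f in "$root"/var/mail/*; do
        [ -f "$f" ] || continue
        if [ -n "$(find "$f" -prune ! -perm 600)" ]; then
            echo "MAILBOX $f"
            found=1
        fi
    done

    # setgid files owned by the given group (search paths are an assumption).
    for b in "$root/usr/bin" "$root/usr/sbin" "$root/usr/lib"; do
        [ -d "$b" ] || continue
        sg=$(find "$b" -type f -perm -2000 -group "$group" 2>/dev/null)
        if [ -n "$sg" ]; then
            echo "$sg" | sed 's/^/SETGID /'
            found=1
        fi
    done

    return $found
}
```

A WRITABLE line for /etc/mail is the case the message's "chmod g-w /etc/mail" addresses; SETGID lines list the utilities whose setgid bit the message suggests removing as the alternative.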