From owner-freebsd-security  Sun Jun 24 23:31:11 2001
Delivered-To: freebsd-security@freebsd.org
Received: from albatross.prod.itd.earthlink.net (albatross.mail.pas.earthlink.net [207.217.120.120])
	by hub.freebsd.org (Postfix) with ESMTP id 4E7D837B401
	for <freebsd-security@FreeBSD.ORG>; Sun, 24 Jun 2001 23:31:09 -0700 (PDT)
	(envelope-from cjc@earthlink.net)
Received: from blossom.cjclark.org (dialup-209.247.139.131.Dial1.SanJose1.Level3.net [209.247.139.131])
	by albatross.prod.itd.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id XAA17320;
	Sun, 24 Jun 2001 23:30:39 -0700 (PDT)
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.4/8.11.3) id f5P6VsB18347;
	Sun, 24 Jun 2001 23:31:54 -0700 (PDT)
	(envelope-from cjc)
Date: Sun, 24 Jun 2001 23:31:54 -0700
From: "Crist J. Clark" <cristjc@earthlink.net>
To: faSty <fasty@i-sphere.com>
Cc: Leonard Chung <leonard@ssl.berkeley.edu>,
	freebsd-security@FreeBSD.ORG
Subject: Re: "Correct" permissions on /var/mail?
Message-ID: <20010624233154.N11961@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <5.1.0.14.2.20010624140225.02d492f0@chung.yikes.com> <20010624141322.A77852@i-sphere.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010624141322.A77852@i-sphere.com>; from fasty@i-sphere.com on Sun, Jun 24, 2001 at 02:13:22PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Sun, Jun 24, 2001 at 02:13:22PM -0700, faSty wrote:
> Yes, the FreeBSD default 775 on /var/mail but my email server kept complain
> stated /var/mail is security potiental so i had to set 1777 to shut the email
> server up. It seems safe no security expliot lately on my shell server with
> 20 hardcore shell customers.
> 
> PS. This is going interesting topic discuss.. Im forwarding hear other people's
> opinion. 

I'm not. Devolves into a religious war. I just had to sit through one
of these on another mailing list. If you want to see some opinions on
this go to this link,

  http://www.securityfocus.com/archive/1/184210

And follow the thread it started (click "Thread Index" at the top of
the frame and look for the side threads it started too, "Mail delivery
privileges").

No need to start this here.
-- 
Crist J. Clark                           cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message