From owner-freebsd-security  Fri Feb 22 15:25:35 2002
Delivered-To: freebsd-security@freebsd.org
Received: from obsecurity.dyndns.org (adsl-64-169-107-10.dsl.lsan03.pacbell.net [64.169.107.10])
	by hub.freebsd.org (Postfix) with ESMTP id 5621037B416
	for <freebsd-security@FreeBSD.ORG>; Fri, 22 Feb 2002 15:25:30 -0800 (PST)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id D8E1B66C32; Fri, 22 Feb 2002 15:25:29 -0800 (PST)
Date: Fri, 22 Feb 2002 15:25:29 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: =?iso-8859-1?Q?Milon_Papez=EDk?= <Milon.Papezik@oskarmobil.cz>
Cc: 'Matthew Dillon' <dillon@apollo.backplane.com>,
	"'freebsd-security@freebsd.org'" <freebsd-security@FreeBSD.ORG>
Subject: Re: RE: Third /tmp location ?
Message-ID: <20020222152529.A16356@xor.obsecurity.org>
References: <B57AF59C8ABFD411BBE000508BF300F303B70634@wh01ex01.oskarmobil.cz>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="EVF5PPMfhYS0aIcm"
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <B57AF59C8ABFD411BBE000508BF300F303B70634@wh01ex01.oskarmobil.cz>; from Milon.Papezik@oskarmobil.cz on Sat, Feb 23, 2002 at 12:13:55AM +0100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


--EVF5PPMfhYS0aIcm
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Feb 23, 2002 at 12:13:55AM +0100, Milon Papez=EDk wrote:
> Hi,
>=20
> I simply installed 4.5R from ISO image with separate /, /usr, /var and
> /home.
>=20
> After some configuration I run automated security check (script)
> and it reported 3rd world writable directory /usr/tmp.
> That was quite a surprise to me, especially with respect
> to the debate over it some time ago on this list.

Hmm.. there are faint bells ringing in my head somewhere which are
telling me it might be something to do with pkg_add: I think I've seen
this once or twice before, but it didn't bother me enough to track it
down.  It's pretty likely I'm just randomly associating but if anyone
is looking into this it might be something to check.

Kris

--EVF5PPMfhYS0aIcm
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8dtNpWry0BWjoQKURAjwmAKCzcSZVJj1X2NLeZ1SdRNa9x1sT7gCguUhx
tSGchzuVAZ3k4Iy6Uf2kdIE=
=BsBi
-----END PGP SIGNATURE-----

--EVF5PPMfhYS0aIcm--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message