Date: Thu, 17 Aug 2000 13:18:04 +0200 From: Markus Holmberg <markush@acc.umu.se> To: freebsd-security@freebsd.org Subject: Purpose of world being able to see the mail queue? Message-ID: <20000817131804.A24557@acc.umu.se>
next in thread | raw e-mail | index | archive | help
Hi.. Recently I noticed that /var/log/maillog was stored world readable and contains each messages sender and recipient information (at least Postfix by default stores this, can't remember if Sendmail does?). This isn't a big issue, but still I was surprised considering the unnecessary exposure of details in the systems users mail communication. I was about to ask why maillog wasn't stored as read/write for root only, when I discovered that also the mail queue (using mailq) also was world readable. This also seemed to be the case with the Linux and Solaris systems I tested. I don't expect any mail transport node on the path to the destination to expose the envelope information "unnecessarily" (although of course I can absolutely not *assume* that), and therefore neither expect my own MTA to do that.. (yes, I might have naive expectations, in that case I need to fix them :)) What is the rationale behind having the MTA by default exposing information on who the users on the system receive and send mail to through the mail log and the message queue? (The mail queue information seemed to be world viewable (with mailq) on all Unix systems I tested.) I understand that the envelope information of a mail message can not be considered private, but this seems like unnecessary exposure..? I'm interested in enlightenment/opinions on this subject :).. In a way I'm hesitating to send this out now, because I realize the similarity of this issue with standard unix concepts. For example "viewing who else is logged in", "viewing other users processes" etc which are totally given in a Unix environment. But now when I think about it, are even these really justified? Regards, Markus. -- Markus Holmberg | Give me Unix or give me a typewriter. markush@acc.umu.se | http://www.freebsd.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000817131804.A24557>