From owner-freebsd-security Thu Aug 17 8:48:28 2000 Delivered-To: freebsd-security@freebsd.org Received: from Mercury.unixrules.net (Mercury.unixrules.net [216.65.46.2]) by hub.freebsd.org (Postfix) with SMTP id 24EF537B6A7 for ; Thu, 17 Aug 2000 08:48:19 -0700 (PDT) Received: (qmail 6630 invoked by uid 1070); 17 Aug 2000 15:48:20 -0000 Date: Thu, 17 Aug 2000 08:48:20 -0700 (PDT) From: "geniusj (Jason DiCioccio)" X-Sender: w@Mercury.unixrules.net To: Markus Holmberg Cc: freebsd-security@freebsd.org Subject: Re: Purpose of world being able to see the mail queue? In-Reply-To: <20000817131804.A24557@acc.umu.se> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Change it then :).. I don't think we need a global default change for this however.. It's not really a vulnerability and probably better left to the administrator to decide. -jd- On Thu, 17 Aug 2000, Markus Holmberg wrote: > Hi.. > > Recently I noticed that /var/log/maillog was stored world readable > and contains each messages sender and recipient information (at least > Postfix by default stores this, can't remember if Sendmail > does?). > > This isn't a big issue, but still I was surprised considering the > unnecessary exposure of details in the systems users mail communication. > I was about to ask why maillog wasn't stored as read/write for root only, > when I discovered that also the mail queue (using mailq) also was world > readable. This also seemed to be the case with the Linux and Solaris > systems I tested. > > I don't expect any mail transport node on the path to the destination to > expose the envelope information "unnecessarily" (although of course I can > absolutely not *assume* that), and therefore neither expect my own MTA > to do that.. (yes, I might have naive expectations, in that case I need > to fix them :)) > > What is the rationale behind having the MTA by default exposing > information on who the users on the system receive and send > mail to through the mail log and the message queue? > (The mail queue information seemed to be world viewable (with mailq) on > all Unix systems I tested.) > > I understand that the envelope information of a mail message can not > be considered private, but this seems like unnecessary exposure..? > > I'm interested in enlightenment/opinions on this subject :).. > > In a way I'm hesitating to send this out now, because I realize the > similarity of this issue with standard unix concepts. For example > "viewing who else is logged in", "viewing other users processes" etc > which are totally given in a Unix environment. But now when I think > about it, are even these really justified? > > Regards, Markus. > > -- > > Markus Holmberg | Give me Unix or give me a typewriter. > markush@acc.umu.se | http://www.freebsd.org/ > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message