From owner-freebsd-questions@FreeBSD.ORG Fri Apr 16 00:49:26 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F262316A4CF for ; Fri, 16 Apr 2004 00:49:25 -0700 (PDT) Received: from mtaw4.prodigy.net (mtaw4.prodigy.net [64.164.98.52]) by mx1.FreeBSD.org (Postfix) with ESMTP id C56D243D31 for ; Fri, 16 Apr 2004 00:49:25 -0700 (PDT) (envelope-from kris@obsecurity.org) Received: from obsecurity.dyndns.org (5c82f3b74aee9f71aca3d0a45645929b@adsl-67-115-73-128.dsl.lsan03.pacbell.net [67.115.73.128]) by mtaw4.prodigy.net (8.12.10/8.12.10) with ESMTP id i3G7nO5k016885; Fri, 16 Apr 2004 00:49:24 -0700 (PDT) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 7E069511FC; Fri, 16 Apr 2004 00:49:24 -0700 (PDT) Date: Fri, 16 Apr 2004 00:49:24 -0700 From: Kris Kennaway To: Radu MOLNAR Message-ID: <20040416074924.GA81037@xor.obsecurity.org> References: <20040416095729.A16602@hawat.cc.ubbcluj.ro> <20040416072714.GA80802@xor.obsecurity.org> <20040416103722.K33607@hawat.cc.ubbcluj.ro> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="mP3DRpeJDSE+ciuQ" Content-Disposition: inline In-Reply-To: <20040416103722.K33607@hawat.cc.ubbcluj.ro> User-Agent: Mutt/1.4.2.1i cc: freebsd-questions@freebsd.org cc: Kris Kennaway Subject: Re: mail folder vulnerable X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Apr 2004 07:49:26 -0000 --mP3DRpeJDSE+ciuQ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Apr 16, 2004 at 10:37:36AM +0300, Radu MOLNAR wrote: > yes, i'm using pine from ports >=20 > -------------------------------- > Radu Molnar > Babes-Bolyai Comunication Center > -------------------------------- >=20 >=20 > On Fri, 16 Apr 2004, Kris Kennaway wrote: >=20 > > On Fri, Apr 16, 2004 at 09:58:31AM +0300, Radu MOLNAR wrote: > > > > > > Hello list > > > > > > pine gives me this message: > > > [Folder vulnerable - directory /var/mail must have 1777 protection] > > > why? > > > > > > ls -l in my home dir: > > > drwx------ 2 taipan wheel 512 Apr 15 09:26 mail > > > > > > an ls -l in /var/mail: > > > -rw------- 1 taipan wheel 11089 Apr 16 09:52 taipan > > > > > > is this serious? > > > > I believe the error message is wrong on FreeBSD, and it should not be > > there if you use the FreeBSD port. You didn't ls -ld /var/mail; mode 1777 should not be needed on FreeBSD, but perhaps you have incorrect permissions still. Or, the pine port could just be wrong (maybe I'm mis-remembering that the warning was removed, or maybe it came back). Kris --mP3DRpeJDSE+ciuQ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAf5AEWry0BWjoQKURAljoAKDaQ3CajXgxtmwugoxnv/mEFd7rnwCglRo6 o9X5Go/NiKsw9DnJe5MTBfY= =L039 -----END PGP SIGNATURE----- --mP3DRpeJDSE+ciuQ--