Date:      Mon, 25 Jun 2001 14:48:39 -0700
From:      faSty <fasty@i-sphere.com>
To:        Jason DiCioccio <jdicioccio@epylon.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: "Correct" permissions on /var/mail?
Message-ID:  <20010625144839.C94318@i-sphere.com>
In-Reply-To: <657B20E93E93D4118F9700D0B73CE3EA0166D9B4@goofy.epylon.lan>; from jdicioccio@epylon.com on Mon, Jun 25, 2001 at 09:58:51AM -0700
References:  <657B20E93E93D4118F9700D0B73CE3EA0166D9B4@goofy.epylon.lan>

True, I would terminate the customer's account out of my server. Simple.

-trev

On Mon, Jun 25, 2001 at 09:58:51AM -0700, Jason DiCioccio wrote:
>  
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> I use the FreeBSD default, although someone could still fill up /var
> if they wanted to.. (cat /dev/urandom >/var/mail/`whoami`)
> 
> But 1777 they could create extra files, no?  I'd rather not have a
> second /tmp..
> 
> 
> Cheers,
> - -JD-
> 
> 
> - -----Original Message-----
> From: Leonard Chung [mailto:leonard@ssl.berkeley.edu]
> Sent: Sunday, June 24, 2001 2:12 PM
> To: security@FreeBSD.ORG
> Subject: "Correct" permissions on /var/mail?
> 
> 
> I was having a debate with a colleague the other day on the correct mode
> for /var/mail. He claimed that 1777 is more secure than what I've always
> had (the FreeBSD default of root:mail 775).
> 
> 1777 gives you the additional benefit of protecting you from compromises on
> the mail group, but requires that on every machine quotas be installed even
> for machines with just one or two users. Without quotas, a malicious user
> could fill up /var/mail creating a DoS for everybody receiving mail off
> that machine. 775 doesn't protect against compromises of the mail group,
> but has the added benefit that it protects against a user filling /var/mail
> inadvertently as they would have to purposely send lots of e-mail.
> 
> Which do most of you use? Is there a reason /var/mail is initially set to
> 775 rather than 1777?
> 
> Thanks,
> 
> Leonard
> 
> 
> - --
> Leonard Chung - <leonard@ssl.berkeley.edu>
> SETI@home - The Search for Extraterrestrial Intelligence @ home
> http://www.setiathome.ssl.berkeley.edu
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
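
The trade-off discussed in this thread, as an added Python example that is not part of the original messages: it classifies a spool directory's mode (1777 versus root:mail 775) and lists entries that are not a mailbox named after its owner, the "second /tmp" concern. The function names, the finding strings and the expectation that mailboxes are mode 0600 are assumptions of this example.

```python
import os
import pwd
import stat

def assess_spool_mode(mode, uid, group_name):
    """Map a spool directory's owner and mode bits to the risks weighed in the thread."""
    perms = stat.S_IMODE(mode)
    findings = []
    if uid != 0:
        findings.append("not-root-owned")
    if perms & stat.S_IWOTH:
        if perms & stat.S_ISVTX:
            # 1777: any user may create files; sticky only stops removing others' files
            findings.append("world-writable-sticky: needs quotas")
        else:
            # 777: any user may also delete or rename other users' mailboxes
            findings.append("world-writable-no-sticky: users can remove others' mailboxes")
    elif perms & stat.S_IWGRP:
        # 775 root:mail: create/remove rights follow membership of the group
        findings.append("group-writable: trusts group " + group_name)
    return findings

def passwd_name(uid):
    """Resolve a uid to a login name; raises KeyError when there is no passwd entry."""
    return pwd.getpwuid(uid).pw_name

def stray_entries(spool, name_for_uid=passwd_name):
    """List entries that are not a private regular file named after their owner."""
    stray = []
    for entry in sorted(os.listdir(spool)):
        st = os.lstat(os.path.join(spool, entry))
        try:
            owner = name_for_uid(st.st_uid)
        except KeyError:
            owner = None
        if not stat.S_ISREG(st.st_mode) or owner != entry:
            stray.append(entry)  # extra file, directory, symlink, or wrong owner
        elif stat.S_IMODE(st.st_mode) & 0o077:
            # assumption of this example: mailboxes should be mode 0600
            stray.append(entry + " (group/other access)")
    return stray

if __name__ == "__main__":
    st = os.stat("/var/mail")
    print(assess_spool_mode(st.st_mode, st.st_uid, str(st.st_gid)))
    print(stray_entries("/var/mail"))
```

Lock files that a delivery agent leaves in the spool will show up as stray entries, so review the list rather than acting on it blindly.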