From owner-freebsd-security  Mon Aug  7 21:29: 7 2000
Delivered-To: freebsd-security@freebsd.org
Received: from epsilon.lucida.qc.ca (epsilon.lucida.qc.ca [216.95.146.6])
	by hub.freebsd.org (Postfix) with SMTP id 481BE37B58F
	for <freebsd-security@freebsd.org>; Mon,  7 Aug 2000 21:28:46 -0700 (PDT)
	(envelope-from matt@ARPA.MAIL.NET)
Received: (qmail 86949 invoked by uid 1000); 8 Aug 2000 04:28:45 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 8 Aug 2000 04:28:45 -0000
Date: Tue, 8 Aug 2000 00:28:35 -0400 (EDT)
From: Matt Heckaman <matt@ARPA.MAIL.NET>
X-Sender: matt@epsilon.lucida.qc.ca
To: FreeBSD-PORTS <freebsd-ports@freebsd.org>
Cc: FreeBSD-SECURITY <freebsd-security@freebsd.org>
Subject: pine 4.21 port issues?
Message-ID: <Pine.BSF.4.21.0008080020001.86895-100000@epsilon.lucida.qc.ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Spam-Rating: localhost 1.6.2 0/1000/N
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

I reinstalled the pine 4.21 port a few days ago and I suddenly was greated
with the following notice from it upon reading mail:

[Mailbox vulnerable - directory /var/mail must have 1777 protection]

This is a bad thing. The default permissions on FreeBSD for /var/mail are
root:mail 0775 which, in my opinion, is far better than 1777. I'm curious
as to why all of the sudden it is reporting the mailbox as 'vulnerable'.

I've had a ton of users of mine freak out over this, and I must admit it's
odd. Pine aso has a new? depend on c-client4.7 which it did not have a few
months ago to my knowledge, as I have one pine build from March 19 that
does not have this depend or the mailbox warning.

Since very little in FreeBSD is ever done without a reason, I'm curious as
to the reason for this. It seems..wrong to have a port report a vulnerable
mailbox on a default FreeBSD installation. I would like to apologize for
the cross-post, but I felt it relevent to both lists. If this is incorrect
please inform me so that I don't make the same mistake again :)

Regards,
Matt Heckaman

* Matt Heckaman   - mailto:matt@lucida.qc.ca  http://www.lucida.qc.ca/ *
* GPG fingerprint - A9BC F3A8 278E 22F2 9BDA  BFCF 74C3 2D31 C035 5390 *

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.2 (FreeBSD)
Comment: http://www.lucida.qc.ca/pgp

iD8DBQE5j4x1dMMtMcA1U5ARAvfvAJ45hV8wGtiHYj71fKwRjS0J4QC4oQCghwBh
3Lbel2zCC95gG1UCLdfiLT8=
=qbUc
-----END PGP SIGNATURE-----




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message