Date: Tue, 29 Oct 1996 16:48:02 -0500 (EST) From: "Marc G. Fournier" <scrappy@ki.net> To: Mark Crispin <MRC@CAC.Washington.EDU> Cc: J Wunsch <j@uriah.heep.sax.de>, Ollivier Robert <roberto@keltia.freenix.fr>, current@FreeBSD.org Subject: Re: /var/mail (was: re: Help, permission problems...) Message-ID: <Pine.NEB.3.95.961029163855.8633H-100000@quagmire.ki.net> In-Reply-To: <MailManager.846571671.12487.mrc@Tomobiki-Cho.CAC.Washington.EDU>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 28 Oct 1996, Mark Crispin wrote: > > The grim truth is, FreeBSD is a minority system, run by very few sites. It is > supported only incidentally; I don't even have a specific FreeBSD port, > although there is a BSD, BSDI, and NetBSD port. It isn't that I'm prejudiced > against FreeBSD; quite the contrary, I'm a pro-BSD bigot. But the world has > chosen SVR4, OSF/1, and Linux. > Fresh install of Linux: innuendo:ziggy:~$ ls -ld /var/spool/mail drwxrwxrwx 2 root root 1024 Oct 29 16:13 /var/spool/mail innuendo:ziggy:~$ uname -a Linux innuendo.tlug.org 2.0.22 #2 Sun Oct 13 21:20:35 EDT 1996 i586 - worse, IMHO, then 755, they don't set the sticky bit Recent Upgrade from 2.4 -> 2.5.1 of Sparc Solaris: bash# ls -ld /var/mail drwxrwxrwt 5 root mail 7168 Oct 29 16:38 /var/mail bash# uname -a SunOS clio 5.5.1 Generic sun4m sparc SUNW,SPARCstation-20 Very old version of BSDi: $ rsh mail.io.org ls -ld /var/mail drwxr-xr-x 2 root user 166912 Oct 27 18:37 /var/mail $ rsh mail.io.org uname -a BSD/OS io.org 2.0 BSDI BSD/OS 2.0 Kernel #4: Thu May 11 12:00:15 EDT 1995 scrappy@trepan.io.org:/usr/src/sys/compile/mainsys i386 IMHO, I don't think the bug is so much what each OS is setting their /var/mail directories as being, but the fact that after I installed IMAP-4, without sending Mark a query as to what was wrong, there is no indication of what the problem is, other then the lock failed. I'm curious as to what sort of DoS attacks can arise from setting my /var/mail to 1777 vs 755, and what can be done to fix it. /tmp is set to 1777, so I am assuming that the DoS attacks are from an external source, not internal. And watching all the "security" bugs that get reported about Linux, I'm shocked that something that we seem to consider a channel for a DoS hasn't posed a problem for Linux (or else its been fixed already under Linux?) Marc G. Fournier scrappy@ki.net Systems Administrator @ ki.net scrappy@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.95.961029163855.8633H-100000>