Date: Mon, 7 Jul 2003 17:06:21 +0100
From: Daniel Bye
To: freebsd-questions@freebsd.org
Subject: Re: /var/mail question
Message-ID: <20030707160620.GA78701@catflap.home.slightlystrange.org>
In-Reply-To: <200307071159.51505.quadrant@apex.homedns.org>

On Mon, Jul 07, 2003 at 11:59:51AM -0400, quadrant wrote:
> I was temporarily using pine to retrieve my email, and upon exiting the
> program, pine notified me that the /var/mail directory was
> vulnerable, and advised a chmod 1777 of such. The default is 775.
> What are the implications of this, and won't 1777 make the folder more
> vulnerable? My understanding was that if the SUID bit is turned
> on for either U, G or O, that security is more at risk. Please
> let me know what I should do...
> Thanks,
> Eric

chmod 1777 turns on the sticky bit, as well as giving rwx permissions for
all. This is the same as, for example, /tmp. The sticky bit tells the
system to allow only the owner of a file to unlink that file. That is,
although any user can create a file, only the user that created it may
unlink it.

With the default mode of 0775, any member of the group owner of the
directory could delete files. However, provided you only have trusted
users in that group, it shouldn't be a problem. I have never seen such
warnings, so have never given it any thought.

Dan

-- 
Daniel Bye

PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc
PGP Key fingerprint: 3B9D 8BBB EB03 BA83 5DB4 3B88 86FC F03A 90A1 BE8F
                                                                     _
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \
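
Added example, not part of the original message: a small POSIX shell check that reads a directory's mode bits and reports who is able to unlink other users' files in it, covering the 1777 and 0775 cases discussed above. The function names and the scratch directories are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): classify who may unlink
# entries in a directory, based only on the directory's own mode bits.

# has_perm DIR BITS -> succeeds when every bit in BITS is set on DIR itself.
# -prune stops find from descending, so only DIR is tested.
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# unlink_policy DIR -> prints one word naming who can delete other users' files.
unlink_policy() {
    dir=$1
    [ -d "$dir" ] || { echo "not-a-directory"; return 1; }
    if has_perm "$dir" 1000; then
        # Sticky bit set (as on /tmp): write access to the directory is not
        # enough; only the file's owner, the directory's owner or root may
        # unlink or rename an entry.
        echo "owner-only"
    elif has_perm "$dir" 0002; then
        # World-writable without the sticky bit: any local user can delete.
        echo "anyone"
    elif has_perm "$dir" 0020; then
        # Group-writable (the 0775 default mentioned in the thread).
        echo "group-members"
    else
        echo "directory-owner"
    fi
}

# Demo on constructed scratch directories, one per mode of interest.
demo() {
    tmp=$(mktemp -d) || return 1
    for mode in 1777 0775 0777 0755; do
        mkdir "$tmp/d$mode" && chmod "$mode" "$tmp/d$mode"
        printf '%s -> %s\n' "$mode" "$(unlink_policy "$tmp/d$mode")"
    done
    rm -rf "$tmp"
}
demo
```

Running `unlink_policy /var/mail` on a live system shows which of these cases the mail spool falls into.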