Date:      Thu, 31 Oct 1996 11:31:38 -0700 (MST)
From:      Terry Lambert <terry@lambert.org>
To:        michaelh@cet.co.jp (Michael Hancock)
Cc:        terry@lambert.org, dubois@primate.wisc.edu, current@FreeBSD.org
Subject:   Re: /var/mail (was: re: Help, permission problems...)
Message-ID:  <199610311831.LAA25666@phaeton.artisoft.com>
In-Reply-To: <Pine.SV4.3.95.961031205150.27396C-100000@parkplace.cet.co.jp> from "Michael Hancock" at Oct 31, 96 08:55:58 pm

> > > Also, perhaps I missed it in this discussion, but just what *is*
> > > the security problem WRT having /var/mail set to 1777?
> > 
> > % id
> > uid=501(terry) gid=20(staff) groups=20(staff), 0(wheel), 552(ncvs)
> > % touch /var/mail/dubois
> > % chmod 644 !$
> > % ls -l !$
> > -rw-r--r--  1 terry  wheel      0 Oct 30 17:02 /var/mail/dubois
> > % mail -s "pay me a dollar to unlock your mail" dubois < /dev/null
> > Null message body; hope that's ok
> > %
> 
> The workaround is to use mailer readers that truncate instead of remove
> the file when all messages have been deleted or moved.

1)	What if dubois never got any mail before that?

2)	If we are specifying mail reader behaviour, we can force the
	fcntl() locking to work as well... which has the advantage of
	being a more general solution anyway.


					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
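
The following is an added example, not part of the original message or of any FreeBSD mail program: a C sketch of how a mail reader or delivery agent could open a spool mailbox so that a file pre-created by another user (the `/var/mail/dubois` case quoted above) is refused, and then take the fcntl() lock mentioned in point 2. The names `open_mailbox_locked` and `make_sample_mailbox`, the error codes, and the temporary sample file are assumptions made for illustration.

```c
/* Added example; function names and error codes are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, mkstemp */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
enum { MBOX_ERR_OPEN = -1, MBOX_ERR_OWNER = -2, MBOX_ERR_LOCK = -3 };
/* Open an existing mailbox for expected_owner and take an exclusive
 * fcntl() lock. Returns a locked fd >= 0 or a negative MBOX_ERR_* code. */
int open_mailbox_locked(const char *path, uid_t expected_owner)
{
    struct stat st;
    struct flock fl = { .l_type = F_WRLCK, .l_whence = SEEK_SET }; /* whole file */
    /* No O_CREAT: creating the mailbox is a separate, privileged step.
     * O_NOFOLLOW: refuse a symlink planted in a 1777 spool directory. */
    int fd = open(path, O_RDWR | O_APPEND | O_NOFOLLOW);
    if (fd < 0) return MBOX_ERR_OPEN;
    /* fstat() the descriptor so the check applies to the file we hold. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return MBOX_ERR_OPEN; }
    /* The case in the thread: file named for dubois, owned by terry. */
    if (st.st_uid != expected_owner) { close(fd); return MBOX_ERR_OWNER; }
    /* Non-blocking request. fcntl() locks are per process and are dropped
     * when the process closes any descriptor for this file. */
    if (fcntl(fd, F_SETLK, &fl) != 0) { close(fd); return MBOX_ERR_LOCK; }
    return fd;
}

/* Constructed sample: an empty 0600 mailbox owned by the caller. */
int make_sample_mailbox(char *path_out, size_t n)
{
    char tmpl[] = "/tmp/mbox.XXXXXX";
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    close(fd);
    return snprintf(path_out, n, "%s", tmpl) < (int)n ? 0 : -1;
}

int main(void)
{
    char path[64];
    if (make_sample_mailbox(path, sizeof path) != 0) return 1;
    printf("owner=%d other=%d\n", open_mailbox_locked(path, getuid()) >= 0,
           open_mailbox_locked(path, getuid() + 1));
    unlink(path);
    return 0;
}
```

The lock only protects against other programs that also use fcntl() locking on the same file; it does nothing against a process that ignores locks.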


