From owner-freebsd-security  Sun Jun  9 23:07:44 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id XAA18527
          for security-outgoing; Sun, 9 Jun 1996 23:07:44 -0700 (PDT)
Received: from hemi.com (hemi.com [204.132.158.10])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id XAA18504
          for <freebsd-security@freebsd.org>; Sun, 9 Jun 1996 23:07:42 -0700 (PDT)
Received: (from mbarkah@localhost) by hemi.com (8.6.12/8.6.12) id AAA05202; Mon, 10 Jun 1996 00:07:39 -0600
From: Ade Barkah <mbarkah@hemi.com>
Message-Id: <199606100607.AAA05202@hemi.com>
Subject: Re: setuid root sendmail vs. mode 1733 /var/spool/mqueue?
To: taob@io.org (Brian Tao)
Date: Mon, 10 Jun 1996 00:07:38 -0600 (MDT)
Cc: freebsd-security@freebsd.org
In-Reply-To: <Pine.NEB.3.92.960609232322.23792E-100000@zap.io.org> from "Brian Tao" at Jun 9, 96 11:26:16 pm
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


Brian Tao wrote:

[Re: Denial of service by filling up a world-writable mqueue]
>     True enough, but since /tmp already puts the server in that
> position, I'm not overly worried about someone pulling this kind of
> stunt.  ...

You may want to create /tmp in it's own filesystem.

Regards,

-Ade
-------------------------------------------------------------------
Inet: mbarkah@hemi.com - HEMISPHERE ONLINE - <http://www.hemi.com/>
-------------------------------------------------------------------