Date: Fri, 22 Jun 2001 18:59:12 +0200
From: "Karsten W. Rohrbach" <karsten@rohrbach.de>
To: Nick Sayer <nsayer@quack.kfu.com>
Cc: Nuno Teixeira <nuno.mailinglists@pt-quorum.com>, freebsd-stable@FreeBSD.ORG
Subject: Re: /var/mail permissions: 0755 or 01777 ?
Message-ID: <20010622185912.T64624@mail.webmonster.de>
In-Reply-To: <3B33763B.5060706@quack.kfu.com>; from nsayer@quack.kfu.com on Fri, Jun 22, 2001 at 09:45:47AM -0700
References: <20010621214821.C376-100000@gateway.bogus> <20010622164453.J64624@mail.webmonster.de> <3B33763B.5060706@quack.kfu.com>

Nick Sayer(nsayer@quack.kfu.com)@2001.06.22 09:45:47 +0000:
>
> Karsten W. Rohrbach wrote:
>
> > Nuno Teixeira(nuno.mailinglists@pt-quorum.com)@2001.06.21 21:51:34 +0000:
> >
> >>Hello to all,
> >>
> >>The FreeBSD default permissions for /var/mail are 0755.
> >>
> >>Why is that PINE says that the /var/mail directory is vulnerable and it
> >>says to change it to 01777
>
> 1777 makes it possible for users to create files in /var/mail. The good
> news is that they can make lock files, which make "simultaneous"
> delivery and reading more reliable. The bad news is that they can make
> files named like other people's mailfiles. This can either be an attack
> on their reader of choice or a denial of service, depending on how smart
> the client and MDA are.

that is, why i consequently killed /var/mail delivery on all of the
systems i administer (administrate? whatever)...

> As such, /var/mail is A Bad Thing. Putting mail into a file in the
> user's home directory is much safer. But the spec is too old to change
> by this point. So the best idea is to dispense with Unix formatted mail
> files altogether. Thus this advice:
>
> > use Maildir
> > faster, simpler, secure -- simply put: better ;-)
>
> cyrus is better still, so long as you don't mind _only_ being able to
> use IMAP to play with your mail. Cyrus is particularly good for
> companies, as lmtp deliveries result in multiple ccs being hard links
> rather than separate copies. Great for when Marketing sends 20 copies of
> a 50M powerpoint presentation. :-)

indeed, but as you said, imap only.
i switched to multiple boxes with qmtp transport and big mail volumes,
in other words: i hit the problem with iron ;-)

> As for MUAs, nothing I've tried has beaten Netscape 4.x yet, although I

netscape mangles headers. thus, netscape is bad, IMVHO.

> have switched over to Mozilla and it is close. For non-GUI, I prefer
> pine despite its tarnished security reputation. Surprisingly enough, a

over the past years i started to hate pine with all the security flaws
and other operational problems that arise (mainly lack of support for
maildir). for my fellow *bsd shell people, mutt does the best job and
even newbies to unix and the like take a preconfigured muttrc and there
they go. my personal mutt config is linked from my homepage and from the
mutt faq, so you might give it a spin (configured vs. unconfigured)...

> close second place behind Mozilla for me is SquirrelMail in a web
> browser. It really is good, believe it or not. I would make a port for
> it, but it's sort of pointless as it's just a bunch of php scripts you
> unpack into your www data directory (www.squirrelmail.org if you are
> curious).

heard about that, gonna try it out on some intranet server next week.

/k

-- 
> If it ain't broke, overclock it!
KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie
http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.net/
karsten&rohrbach.de -- alpha&ngenn.net -- alpha&scene.org -- catch@spam.de
GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 BF46
Please do not remove my address from To: and Cc: fields in mailing lists. 10x
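Added example, not part of the original thread: a small audit of a spool directory for the problem described above, where a world-writable /var/mail lets a user create a file named like someone else's mailbox. The function names, the `<user>.lock` naming convention and the choice of uid 0 as the only trusted delivery owner are assumptions of this sketch.

```python
import os
import pwd
import stat


def uid_for(name):
    """Return the uid of a local account, or None if no such account exists."""
    try:
        return pwd.getpwnam(name).pw_uid
    except KeyError:
        return None


def audit_spool(path, lookup=uid_for, trusted_uids=(0,)):
    """Return (dir_flags, findings) for a mail spool directory such as /var/mail."""
    mode = os.lstat(path).st_mode
    dir_flags = {
        "world_writable": bool(mode & stat.S_IWOTH),
        "sticky": bool(mode & stat.S_ISVTX),
    }
    findings = []
    for entry in sorted(os.listdir(path)):
        st = os.lstat(os.path.join(path, entry))  # lstat: never follow symlinks
        if not stat.S_ISREG(st.st_mode):
            findings.append((entry, "not a regular file"))
            continue
        # Assumption: "<user>.lock" is the lock file for <user>'s mailbox.
        user = entry[:-5] if entry.endswith(".lock") else entry
        expected = lookup(user)
        if expected is None:
            findings.append((entry, "no matching account"))
        elif st.st_uid != expected and st.st_uid not in trusted_uids:
            findings.append(
                (entry, "owned by uid %d, expected %d" % (st.st_uid, expected)))
    return dir_flags, findings


if __name__ == "__main__":
    flags, results = audit_spool("/var/mail")
    print(flags)
    for name, reason in results:
        print("%s: %s" % (name, reason))
```

Pass a different `trusted_uids` tuple if the local MDA creates mailboxes or lock files under a dedicated account rather than root.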