Date: Sun, 24 Jun 2001 14:13:22 -0700
From: faSty
To: Leonard Chung
Cc: freebsd-security@freebsd.org
Subject: Re: "Correct" permissions on /var/mail?
Message-ID: <20010624141322.A77852@i-sphere.com>
In-Reply-To: <5.1.0.14.2.20010624140225.02d492f0@chung.yikes.com>; from leonard@ssl.berkeley.edu on Sun, Jun 24, 2001 at 02:11:54PM -0700

Yes, the FreeBSD default is 775 on /var/mail, but my email server kept complaining that /var/mail is a potential security problem, so I had to set 1777 to shut the email server up. It seems safe; no security exploit lately on my shell server with 20 hardcore shell customers.

PS. This is going to be an interesting topic to discuss. I'm forwarding it to hear other people's opinions.

-trev

On Sun, Jun 24, 2001 at 02:11:54PM -0700, Leonard Chung wrote:
> I was having a debate with a colleague the other day on the correct mode
> for /var/mail. He claimed that 1777 is more secure than what I've always
> had (the FreeBSD default of root:mail 775).
>
> 1777 gives you the additional benefit of protecting you from compromises on
> the mail group, but requires that quotas be installed on every machine, even
> machines with just one or two users. Without quotas, a malicious user
> could fill up /var/mail, creating a DoS for everybody receiving mail off
> that machine. 775 doesn't protect against compromises of the mail group,
> but has the added benefit that it protects against a user filling /var/mail
> inadvertently, as they would have to purposely send lots of e-mail.
>
> Which do most of you use? Is there a reason /var/mail is initially set to
> 775 rather than 1777?
>
> Thanks,
>
> Leonard
>
>
> --
> Leonard Chung -
> SETI@home - The Search for Extraterrestrial Intelligence @ home
> http://www.setiathome.ssl.berkeley.edu
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
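As an added illustration (not code from either poster), the following POSIX sh functions classify a mail spool directory the way the two positions in this thread do: root:mail 775 (group-writable, exposed only through the mail group, cannot be filled except by sending mail) versus 1777 (sticky, world-writable, no reliance on the mail group, but needs disk quotas or any local user can fill it). The stat invocations in audit_mail_spool are an assumption about the GNU and FreeBSD stat formats.

```shell
#!/bin/sh
# Added example, not from the thread: audit a mail spool's mode against the
# two layouts discussed above (root:mail 775 vs. sticky 1777).

# classify_spool_mode OCTAL_MODE OWNER GROUP
# Prints a one-line assessment. Exit status: 0 = group-writable (775-style),
# 1 = sticky world-writable (1777-style, quotas required), 2 = anything else.
classify_spool_mode() {
    mode=$1 owner=$2 group=$3
    # A leading 0 makes printf parse the string as octal.
    bits=$(printf '%d' "0$mode" 2>/dev/null) || return 2
    sticky=$(( (bits >> 9) & 1 ))   # 01000: sticky bit
    grp_w=$(( (bits >> 4) & 1 ))    # 00020: group write
    oth_w=$(( (bits >> 1) & 1 ))    # 00002: other write
    if [ "$owner" != root ]; then
        echo "UNEXPECTED: $mode owned by $owner, expected root"
        return 2
    fi
    if [ "$oth_w" -eq 1 ] && [ "$sticky" -eq 1 ]; then
        echo "1777-style: no reliance on group $group, but without disk quotas any local user can fill the spool (DoS for every recipient)"
        return 1
    fi
    if [ "$oth_w" -eq 1 ]; then
        echo "UNSAFE: $mode is world-writable without the sticky bit; any user can remove or rename other users' mailboxes"
        return 2
    fi
    if [ "$grp_w" -eq 1 ]; then
        echo "775-style: only root and group $group can create files; a compromise of group $group exposes the spool, but a user can fill it only by sending mail"
        return 0
    fi
    echo "UNEXPECTED: $mode lets only $owner write; delivery running as group $group cannot create mailboxes"
    return 2
}

# audit_mail_spool [DIR]: read the live mode, owner and group with stat
# (GNU syntax first, FreeBSD syntax as fallback; assumed formats).
audit_mail_spool() {
    dir=${1:-/var/mail}
    set -- $(stat -c '%a %U %G' "$dir" 2>/dev/null \
             || stat -f '%OMp%OLp %Su %Sg' "$dir") || return 2
    classify_spool_mode "$1" "$2" "$3"
}
```

Run `audit_mail_spool /var/mail` on the host; the exit status distinguishes the two debated layouts from modes that match neither.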