Date: Thu, 31 Oct 1996 20:55:58 +0900 (JST) From: Michael Hancock <michaelh@cet.co.jp> To: Terry Lambert <terry@lambert.org> Cc: Paul DuBois <dubois@primate.wisc.edu>, current@FreeBSD.org Subject: Re: /var/mail (was: re: Help, permission problems...) Message-ID: <Pine.SV4.3.95.961031205150.27396C-100000@parkplace.cet.co.jp> In-Reply-To: <199610310013.RAA24416@phaeton.artisoft.com>
index | next in thread | previous in thread | raw e-mail
On Wed, 30 Oct 1996, Terry Lambert wrote: > > Also, perhaps I missed it in this discussion, but just what *is* > > the security problem WRT having /var/mail set to 1777? > > % id > uid=501(terry) gid=20(staff) groups=20(staff), 0(wheel), 552(ncvs) > % touch /var/mail/dubois > % chmod 644 !$ > % ls -l !$ > -rw-r--r-- 1 terry wheel 0 Oct 30 17:02 /var/mail/dubois > % mail -s "pay me a dollar to unlock your mail" dubois < /dev/null > Null message body; hope that's ok > % The work around is to use mailer readers that truncate instead of remove the file when all messages have been deleted or moved. Regards, Mike Hancockhome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SV4.3.95.961031205150.27396C-100000>