Date: Sat, 08 Jun 1996 08:04:43 -0700 From: Paul Traina <pst@shockwave.com> To: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (aka Andrey A. Chernov, Black Mage) <ache@astral.msk.su> Cc: pantzer@ludd.luth.se (Mattias Pantzare), security@FreeBSD.org Subject: Re: FreeBSD's /var/mail permissions Message-ID: <199606081504.IAA05536@precipice.shockwave.com> In-Reply-To: Your message of "Sat, 08 Jun 1996 11:32:35 %2B0400." <199606080732.LAA00950@astral.msk.su>
next in thread | previous in thread | raw e-mail | index | archive | help
But bad guy can't, because /var/mail is 755 From: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (aka Andrey A. Chern >>ov, Black Mage) <ache@astral.msk.su> Subject: Re: FreeBSD's /var/mail permissions > > I'm confused, why do you say adduser must create new user mailbox? > > Mail.local is already suid root and adduser should deliver a preformatted > > mail message with mail.local. > > Why should adduser send any mail to anybody? Rather silly if you ask me. Because bad guy can pre-create upcoming user mailbox with 666 permissions. -- Andrey A. Chernov : And I rest so composedly, /Now, in my bed, ache@astral.msk.su : That any beholder /Might fancy me dead - http://dt.demos.su/~ache : Might start at beholding me, /Thinking me dead. RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606081504.IAA05536>