Re: should /var/spool/mail/ have a the sticky bit set? ...

To: Ethan Benson <erbenson@alaska.net>
Cc: Debian User Mail List <debian-user@lists.debian.org>
Subject: Re: should /var/spool/mail/ have a the sticky bit set? ...
From: Richard A Nelson <cowboy@debian.org>
Date: Fri, 30 Mar 2001 19:36:23 -0500 (EST)
Message-id: <[🔎] Pine.LNX.4.33.0103301925290.24354-100000@back40>
In-reply-to: <[🔎] 20010330145235.Z909@plato.local.lan>

On Fri, 30 Mar 2001, Ethan Benson wrote:

> /var/mail into the solaris style world writable /var/mail.  except
> this is dependent on your MTA, sendmail and exim are broken in that
> they insist on creating mailspools mode 660 group=mail which means any
> gid=mail exploit compromises every single user's mail spool.  i prefer
> postfix which creates mailspools mode 600 group=mail.

As I'm sure you know, sendmail *never* touches *anything* in /var/mail -
that is the MDA's job...  procmail, mailagent, deliver, etc..

Ok, sendmail does include a (very little used) default MDA (mail.local),
and the behaviour there is changeable... and I'll make *not* do 660 from
now on.
-- 
Rick Nelson
* bma wonders if this will make the Knghtbrd .sig

Reply to:

Follow-Ups:
- Re: should /var/spool/mail/ have a the sticky bit set? ...
  - From: Ethan Benson <erbenson@alaska.net>

References:
- Re: should /var/spool/mail/ have a the sticky bit set? ...
  - From: Ethan Benson <erbenson@alaska.net>

Prev by Date: Re: Security through paranoia
Next by Date: Re: Security trough paranoia
Previous by thread: Re: should /var/spool/mail/ have a the sticky bit set? ...
Next by thread: Re: should /var/spool/mail/ have a the sticky bit set? ...
Index(es):
- Date
- Thread