
Re: should /var/spool/mail/ have a the sticky bit set? ...



On Fri, Mar 30, 2001 at 07:36:23PM -0500, Richard A Nelson wrote:
> On Fri, 30 Mar 2001, Ethan Benson wrote:
> 
> > /var/mail into the solaris style world writable /var/mail.  except
> > this is dependent on your MTA, sendmail and exim are broken in that
> > they insist on creating mailspools mode 660 group=mail which means any
> > gid=mail exploit compromises every single user's mail spool.  i prefer
> > postfix which creates mailspools mode 600 group=mail.
> 
> As I'm sure you know, sendmail *never* touches *anything* in /var/mail -
> that is the MDA's job...  procmail, mailagent, deliver, etc..

erm yes, just most/all sendmail setups i've seen seem to have 660
mailspools, which has always made zero sense to me.  (the delivery
agent should setuid() itself to the target user to do the delivery)

> Ok, sendmail does include a (very little used) default MDA (mail.local),
> and the behaviour there is changeable... and I'll make it *not* do 660 from
> now on.

what does exim use?  last time i installed a quick debian system and
forgot to deselect exim in favor of postfix i noticed it created 660
mailspools too.  why is this ever done anyway?

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
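
An audit of the spool permissions discussed in this thread, as an added example that is not part of any message above: it flags mailboxes with group or world access (the 660 case) and a world-writable spool directory that lacks the sticky bit. The function names, user names and the temporary spool directory are constructed for the demonstration.

```python
import os
import stat
import tempfile

def audit_spool(spool_dir):
    """Return (path, finding) pairs for a spool directory and its mailboxes."""
    findings = []
    d = os.stat(spool_dir)
    # A world-writable directory without the sticky bit lets any local user
    # delete or replace another user's mailbox file.
    if d.st_mode & stat.S_IWOTH and not d.st_mode & stat.S_ISVTX:
        findings.append((spool_dir, "world-writable directory without sticky bit"))
    for name in sorted(os.listdir(spool_dir)):
        path = os.path.join(spool_dir, name)
        st = os.lstat(path)  # lstat: do not follow symlinks planted in the spool
        if not stat.S_ISREG(st.st_mode):
            findings.append((path, "not a regular file"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        # Mode 660 group=mail: anything running with that gid can read and write it.
        if mode & (stat.S_IRGRP | stat.S_IWGRP):
            findings.append((path, "group access (mode %03o, gid %d)" % (mode, st.st_gid)))
        if mode & (stat.S_IROTH | stat.S_IWOTH):
            findings.append((path, "world access (mode %03o)" % mode))
    return findings

def demo():
    """Audit a constructed spool before and after setting the sticky bit."""
    with tempfile.TemporaryDirectory() as spool:
        for user, mode in (("alice", 0o660), ("bob", 0o600)):  # constructed users
            p = os.path.join(spool, user)
            open(p, "w").close()
            os.chmod(p, mode)
        os.chmod(spool, 0o777)    # world-writable, no sticky bit
        before = audit_spool(spool)
        os.chmod(spool, 0o1777)   # world-writable with sticky bit
        after = audit_spool(spool)
        strip = lambda fs: [(os.path.basename(p), msg) for p, msg in fs]
        return strip(before), strip(after)

if __name__ == "__main__":
    for label, result in zip(("no sticky bit", "sticky bit set"), demo()):
        print(label, result)
```

To check a real system, call `audit_spool("/var/mail")` as a user who can list that directory.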


