quadrant wrote:
I was temporarily using pine to retrieve my email, and upon exiting the
program, pine notified me that the /var/mail directory was
vulnerable, and advised a chmod 1777 of such. The default is 775.
What are the implications of this, and won't 1777 make the folder more
vulnerable? My understanding was that if the SUID bit is turned
on for either U, G or O, that security is more at risk. Please
let me know what I should do...

Permission 1777 involves the "sticky" bit, which is used for /tmp, not setuid or setgid:


STICKY DIRECTORIES
     A directory whose `sticky bit' is set becomes an append-only directory,
     or, more accurately, a directory in which the deletion of files is
     restricted.  A file in a sticky directory may only be removed or renamed
     by a user if the user has write permission for the directory and the user
     is the owner of the file, the owner of the directory, or the super-user.
     This feature is usefully applied to directories such as /tmp which must
     be publicly writable but should deny users the license to arbitrarily
     delete or rename each others' files.

I think the stock BSD permissions of 775 imply that the LDA must be running as root in order to perform local delivery. The other type of mail configuration (used by SysV-style Unices) involves 770 permissions and having the LDA be setgid to "mail".

--
-Chuck
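As an added illustration (not part of the thread), the following script interprets the modes discussed above (775, 770, 1777) the way Chuck's reply distinguishes them: it separates the sticky bit from setuid/setgid, and flags the one genuinely dangerous layout, world-writable without the sticky bit, where any user could delete or rename other users' mailboxes. The category names and `audit_spool` helper are my own, not anything from pine or FreeBSD.

```python
import os
import stat

# Layouts the thread contrasts: BSD 775 (LDA delivers as root), SysV 770 with
# a setgid "mail" LDA, and the 1777 sticky world-writable mode pine asked for.
OWNER_ONLY = "owner-only"          # e.g. 755: only the owner (root) can deliver
GROUP_WRITABLE = "group-writable"  # 775/770: root or a setgid-mail LDA delivers
STICKY_PUBLIC = "sticky-public"    # 1777: anyone may create, deletion restricted
UNSAFE_PUBLIC = "unsafe-public"    # 777: anyone may delete/rename others' mail

def parse_octal_mode(text):
    """Turn the octal string used with chmod ('1777', '775') into an int."""
    return int(text, 8)

def spool_bits(mode):
    """Return the special and write bits of a mode as a dict of booleans."""
    perm = stat.S_IMODE(mode)  # drops file-type bits, keeps suid/sgid/sticky
    return {
        "setuid": bool(perm & stat.S_ISUID),
        "setgid": bool(perm & stat.S_ISGID),
        "sticky": bool(perm & stat.S_ISVTX),
        "group_writable": bool(perm & stat.S_IWGRP),
        "world_writable": bool(perm & stat.S_IWOTH),
    }

def classify_spool_mode(mode):
    """Map a directory mode to one of the layouts above."""
    b = spool_bits(mode)
    if b["world_writable"]:
        # Sticky bit is what makes a public directory safe (same idea as /tmp).
        return STICKY_PUBLIC if b["sticky"] else UNSAFE_PUBLIC
    if b["group_writable"]:
        return GROUP_WRITABLE
    return OWNER_ONLY

def audit_spool(path="/var/mail"):
    """Classify a real directory; returns None if it does not exist."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return None
    return {"path": path, "mode": oct(stat.S_IMODE(st.st_mode)),
            "uid": st.st_uid, "gid": st.st_gid,
            "layout": classify_spool_mode(st.st_mode)}

if __name__ == "__main__":
    for text in ("775", "770", "1777", "777"):
        print(text, "->", classify_spool_mode(parse_octal_mode(text)))
    print(audit_spool())  # inspect the local spool, if present
```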


_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"