I was temporarily using pine to retrieve my email, and upon exiting the program, pine notified me that the /var/mail directory was vulnerable, and advised a chmod 1777 of such. The default is 775. What are the implications of this, and won't 1777 make the folder more vulnerable? My understanding was that if the SUID bit is turned on for either U, G or O, that security is more at risk. Please let me know what I should do...
Permission 1777 involves the "sticky" bit, which is used for /tmp, not setuid or setgid:
STICKY DIRECTORIES

A directory whose `sticky bit' is set becomes an append-only directory, or, more accurately, a directory in which the deletion of files is restricted. A file in a sticky directory may only be removed or renamed by a user if the user has write permission for the directory and the user is the owner of the file, the owner of the directory, or the super-user. This feature is usefully applied to directories such as /tmp which must be publicly writable but should deny users the license to arbitrarily delete or rename each others' files.
I think the stock BSD permissions of 775 imply that the LDA must be running as root in order to perform local delivery. The other type of mail configuration (used by SysV-style Unices) involves 770 permissions and having the LDA be setgid to "mail".
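The sticky-directory rule quoted above, written out as a check and compared across modes 775, 777 and 1777 (an added example, not part of the original thread). The uids, the gid and the helper names are constructed for illustration, and only the classic mode bits are considered.

```python
import os
import stat
import tempfile

def special_bits(mode):
    """Names of the special bits in a mode: setuid 04000, setgid 02000, sticky 01000."""
    table = ((stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"), (stat.S_ISVTX, "sticky"))
    return [name for bit, name in table if mode & bit]

def has_dir_write(dir_mode, dir_uid, dir_gid, uid, gids):
    """Owner/group/other write check from the mode bits alone (ACLs are ignored)."""
    if uid == dir_uid:
        return bool(dir_mode & stat.S_IWUSR)
    if dir_gid in gids:
        return bool(dir_mode & stat.S_IWGRP)
    return bool(dir_mode & stat.S_IWOTH)

def may_remove(dir_mode, dir_uid, dir_gid, file_uid, uid, gids):
    """Apply the sticky-directory rule quoted above to one remove/rename request."""
    if uid == 0:
        return True                      # super-user
    if not has_dir_write(dir_mode, dir_uid, dir_gid, uid, gids):
        return False                     # no write permission on the directory
    if not dir_mode & stat.S_ISVTX:
        return True                      # non-sticky: directory write access is enough
    return uid in (file_uid, dir_uid)    # sticky: file owner or directory owner only

def chmod_and_read(mode):
    """chmod a scratch directory and return the permission bits read back from disk."""
    with tempfile.TemporaryDirectory() as scratch:
        os.chmod(scratch, mode)
        seen = stat.S_IMODE(os.stat(scratch).st_mode)
        os.chmod(scratch, 0o700)         # restore so cleanup always succeeds
        return seen

if __name__ == "__main__":
    ROOT, MAIL_GID, ALICE, BOB = 0, 6, 1001, 1002   # constructed ids
    print("1777 read back as", oct(chmod_and_read(0o1777)), special_bits(0o1777))
    for mode in (0o775, 0o777, 0o1777):
        for victim, label in ((BOB, "bob's"), (ALICE, "her own")):
            ok = may_remove(mode, ROOT, MAIL_GID, victim, ALICE, {ALICE})
            print(f"{oct(mode)}: alice removes {label} mailbox -> {ok}")
```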