On Fri, 20 Feb 2004, Rick Shepherd wrote:

> Mailbox vulnerable - directory /var/spool/mail must have 1777 protection

You don't say what application, but my guess is pine. Red Hat hacked pine
so that it didn't require lockfile creation in the /var/spool/mail
directory, which is sort of a lame thing for pine to do anyway.
Unfortunately, Fedora doesn't include pine, so if you install it yourself,
you'll get this error because without the sticky bit, the application
can't create mbox lockfiles in /var/spool/mail. Whether or not this is
actually a problem will depend a great deal on your environment, and how
worried you are about corrupted mailboxes.

1777 is a reasonable set of permissions, but it *does* open up the
mailspool directory to some potential race conditions and some rather
limited DoS issues under certain circumstances. So, if you need it, set
the sticky bit and don't lose too much sleep over it. But if you can avoid
it by patching your application, or having the MDA deliver to mbox/maildir
in each user's home directory, you'll be better off in the long run.

-- 
Todd's "Customer Disservice Hall of Shame" currently contains:
    - Charter Communications: Mislead their customers about service
      levels, block normal Internet connectivity, and exhibit excessive
      downtime.
    - AT&T: Honoring the "checks" they send out to entice you to switch
      long-distance providers is apparently optional.
    - eFax: Receive (not send) 20 pages of *unsolicited* faxes, and lose
      your account.
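
The trade-off described in the message above can be checked on a given host. The script below is an added example, not part of the original message or of pine; the function names and class labels are made up for illustration, and the default path is the directory named in the message.

```shell
#!/bin/sh
# Added example: classify the permissions on a mail spool directory.
# Function names and class labels are hypothetical, chosen for this example.

spool_class() {
    dir=$1
    [ -d "$dir" ] || { echo "missing"; return 0; }
    # ls -ld mode string, e.g. "drwxrwxrwt":
    # char 9 = write bit for "other", char 10 = exec/sticky for "other"
    mode=$(ls -ld -- "$dir" | cut -c1-10)
    other_w=$(printf '%s' "$mode" | cut -c9)
    sticky=$(printf '%s' "$mode" | cut -c10)
    if [ "$other_w" = "w" ]; then
        case $sticky in
            t|T) echo "world-writable-sticky" ;;     # 1777-style
            *)   echo "world-writable-no-sticky" ;;  # 0777-style
        esac
    else
        echo "restricted"                            # e.g. 0775 or 0755
    fi
}

spool_report() {
    dir=$1
    case $(spool_class "$dir") in
        world-writable-sticky)
            echo "$dir: any user can create lockfiles; only the file owner, directory owner or root can remove or rename an entry." ;;
        world-writable-no-sticky)
            echo "$dir: any user can create lockfiles, and any user can remove or rename other users' mailboxes." ;;
        restricted)
            echo "$dir: users outside the owning user/group cannot create lockfiles here." ;;
        missing)
            echo "$dir: not a directory." ;;
    esac
}

# Default to the directory from the message when no argument is given.
spool_report "${1:-/var/spool/mail}"
```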