Bugtraq mailing list archives
Re: Possible mail spool problem
From: mlists () GIZMO KYRNET KG (CyberPsychotic)
Date: Fri, 6 Nov 1998 10:02:10 +0500
~ Following installation of suse 5.1, the setup software sets the mail spool ~ directory world writable, which has a potential of causing some security ~ problems. although I have checked alot of possible forms of exploiting ~ this, there is probably some I have missed. removing the o+w bit from the ~ directory will surely solve the problems. ~ They should have sticky bit set there as well (I don't have suse anywhere around so can not check). However, many lattest mail clients (such as pine 3.96 and latter,procmail) attempt to create lock file in /var/spool/mail, one of solutions for this problem would be to make this dir world writable and sticky bit -- on. Fyodor
Current thread:
- another /usr/dt/bin/dtappgather feature! Andrea Costantino (Nov 02)
- Re: another /usr/dt/bin/dtappgather feature! Casper Dik (Nov 04)
- Possible mail spool problem signal (Nov 04)
- Re: Possible mail spool problem CyberPsychotic (Nov 05)
- Re: Possible mail spool problem Conrad Juleff (Nov 05)
- various *lame* DoS attacks Conrad Juleff (Nov 05)
- Re: various *lame* DoS attacks puppet (Nov 07)
- Sendmail DoS (was: Re: various *lame* DoS attacks) net.ikon (Nov 12)
- Possible mail spool problem signal (Nov 04)
- Re: another /usr/dt/bin/dtappgather feature! Casper Dik (Nov 04)
- Re: another /usr/dt/bin/dtappgather feature! Ben Collins (Nov 04)
- Re: another /usr/dt/bin/dtappgather feature! Scott Cromar (Nov 05)
- Re: another /usr/dt/bin/dtappgather feature! J.A. Gutierrez (Nov 06)
- Re: another /usr/dt/bin/dtappgather feature! Casper Dik (Nov 09)
- Sun Security Bulletin #00178 joshua grubman (Nov 09)
- XFree86 3.3.2's setup tool /tmp race Adrian Voinea (Nov 08)