notfound 481347 1:8.1.2-0.20050715cvs-1
reassign 481347 sendmail-bin 8.13.8-3
thanks

On Thu, 15 May 2008, Gerfried Fuchs wrote:

Hi,

Sorry about the delay, I hadn't noticed the bug until today :(

> 
>  The problem that it is world readable lies in the used tool mail,
> coming from the mailx package. The information exposure problem is not
> limited to logcheck here, it in fact is a more general problem residing
> in mailx that it doesn't tighten the file permission of the dead.letter
> file it creates.

No, mailx correctly sets umask to 077 before creating a dead.letter
file. The problem might be in sendmail binary which is spawned by mailx.
I use postfix and can't reproduce the bug with it.

Stefanos, could you please check if you get the dead.letter after the
following commands:
umask 000
yes | dd  count=102400 | /usr/sbin/sendmail -t `id -u`

Best Regards,
robert

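Added example, not part of the original message or of mailx/sendmail: a shell sketch of the umask point made above, showing that a file created under an inherited umask of 000 ends up world readable while one created after tightening to 077 does not, plus an audit for exposed dead.letter files. The function names and the temporary directory are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed demo: a program that creates dead.letter without setting its
# own umask inherits whatever mask the caller had (here 000 vs 077).

# mode_string FILE: print the nine permission characters, e.g. rw-------
mode_string() {
    ls -ld "$1" | cut -c2-10
}

# create_under_umask MASK FILE: create FILE in a subshell running with MASK,
# the way a child process would when it opens the file with mode 0666.
create_under_umask() (
    umask "$1"
    rm -f "$2"
    : > "$2"
)

# is_exposed FILE: succeed if group or other holds any permission bit.
is_exposed() {
    [ "$(mode_string "$1" | cut -c4-9)" != "------" ]
}

# audit_dead_letters DIR: list dead.letter files under DIR that are
# accessible beyond their owner, one "MODE PATH" pair per line.
audit_dead_letters() {
    find "$1" -type f -name dead.letter | while IFS= read -r f; do
        if is_exposed "$f"; then
            printf '%s %s\n' "$(mode_string "$f")" "$f"
        fi
    done
}

# Stand-alone run on constructed files in a scratch directory.
demo=$(mktemp -d)
mkdir "$demo/inherited" "$demo/tightened"
create_under_umask 000 "$demo/inherited/dead.letter"
create_under_umask 077 "$demo/tightened/dead.letter"
audit_dead_letters "$demo"
rm -rf "$demo"
```

Pointing `audit_dead_letters` at the parent of users' home directories after the reproduction steps shows whether the file that was written is readable by other accounts.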