On Friday 20 June 2008, Robert Luberda wrote:
> >  The problem that it is world readable lies in the used tool mail,
> > coming from the mailx package. The information exposure problem is not
> > limited to logcheck here, it in fact is a more general problem residing
> > in mailx that it doesn't tighten the file permission of the dead.letter
> > file it creates.
>
> No, mailx correctly sets umask to 077 before creating a dead.letter
> file. The problem might be in sendmail binary which is spawned by mailx.
> I use postfix and can't reproduce the bug with it.
>
> Stefanos, could you please check if you get the dead.letter after the
> following commands:
> umask 000
> yes | dd  count=102400 | /usr/sbin/sendmail -t `id -u`

You are correct:

-rw-r--r-- 1 v13 x9697 52429153 2008-06-20 11:35 dead.letter

Also tested this without changing the umask (logged out/in and removed the old
dead.letter) and it had the same results:

$ ls -l dead.letter 
-rw-r--r-- 1 v13 x9697 52429153 2008-06-20 11:39 dead.letter

$ umask
0077

Installed sendmail version is 8.13.8-3:

ii  sendmail                          8.13.8-3
ii  sendmail-base                     8.13.8-3
ii  sendmail-bin                      8.13.8-3
ii  sendmail-cf                       8.13.8-3
ii  sendmail-doc                      8.13.8-3
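
Added example, not part of the original thread: since the result above shows dead.letter ending up mode 0644 even though the shell's umask is 0077, the user's umask cannot be relied on, and the files have to be checked directly. The function names and the /home default are assumptions made for this sketch.

```shell
#!/bin/sh
# Audit dead.letter files for group/other access (added example).
# Function names and the /home default root are assumptions of this sketch.

# Print every dead.letter under directory $1 that has any group or
# other permission bit set (for example the 0644 seen in the thread).
find_exposed_dead_letters() {
    find "$1" -type f -name dead.letter \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) \
        -print 2>/dev/null
}

# Restrict each exposed dead.letter under $1 to mode 0600 and print
# how many files were changed. Paths containing newlines are not handled.
tighten_dead_letters() {
    n=$(find_exposed_dead_letters "$1" | wc -l)
    find_exposed_dead_letters "$1" | while IFS= read -r f; do
        chmod 600 "$f"
    done
    echo $((n))
}

# Stand-alone use:
#   sh audit.sh /home         list exposed files
#   sh audit.sh --fix /home   tighten them and print the count
if [ "$#" -gt 0 ]; then
    case "$1" in
        --fix) tighten_dead_letters "${2:-/home}" ;;
        *)     find_exposed_dead_letters "$1" ;;
    esac
fi
```

Run as root to cover every home directory; an unprivileged run only sees the directories it can traverse.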


