On Thu, 26 Mar 1998, Matthew Saltzman wrote:

> Is there a reason why /var/spool/mail permissions are not 01777?

Because they don't need to be.  The 775 permissions allow users to read
and write their own mail and for members of the 'mail' group to do the
same.  Making the permissions 1777 will allow users to do this same thing,
but it also allows them to create files in the directory.  Among other
things, this allows users to interfere with mail delivery for those users
who do not (currently) have any mail but might get mail in the future.  It
could (possibly, does sendmail check for this) be used to trick sendmail
into delivering the mail to the wrong user, so that a malicious user could
cause sendmail to deliver foo's mail to bar, provided that foo does not
have any mail in his mailbox already.  Since this wouldn't even bounce it
is possible that no one would notice until it is too late.

It could also be used to deposit this redirected mail into system-critical
files which could be used to cause a security breach (for example, send
mail to foo which contains your machine's name, then redirect foo's
mailbox into root's .rhosts file).

Of course, sendmail might check for this condition, which would render
this (particular) exploit moot.

> As things stand (0775), Netscape's newsreader claims that it can't
> download articles without a separate movemail program (which I assume

Something is wrong with your Netscape installation, then, because news
articles don't belong in /var/spool/mail (at all, whether they come from
netscape or somewhere else).  I have no trouble at all reading news via
netscape, even with permissions set as they are.


-- 
  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
         To unsubscribe: mail [EMAIL PROTECTED] with 
                       "unsubscribe" as the Subject.

Reply via email to