[432] in linux-security and linux-alert archive


Re: /var/spool/mail permissions

daemon@ATHENA.MIT.EDU (Leonard N. Zubkoff)
Thu Oct 26 18:49:23 1995

Date: Thu, 26 Oct 1995 13:15:53 -0700
From: "Leonard N. Zubkoff" <lnz@dandelion.com>
Cc: linux-security@tarsier.cv.nrao.edu, cs6171%scitsc@dandelion.com
In-Reply-To: <m0t7tY9-000A6LC@scitsc.wlv.ac.uk> (owner-linux-security@tarsier.cv.nrao.edu)

  From: owner-linux-security@tarsier.cv.nrao.edu
  Date: Wed, 25 Oct 1995 00:18:32 +0000 (GMT)

  People on comp.security.unix have suggested giving
  /var/spool/mail drwxrwxrwt permissions on linux.  On my system I
  know that this is a BAD idea, and I told them so.

I have my system set up with:

kelewan:~> ll -d /var/spool/mail
drwxrwsrwt   2 root     mail         1024 Oct 26 13:09 /var/spool/mail/

I am running sendmail and using procmail as the local delivery agent.  If I
attempt your attack creating a link as in:

kelewan:~> ll /var/spool/mail
lrwxrwxrwx   1 lnz      mail           10 Oct 26 13:11 lnz -> /tmp/xyzzy

and then receive mail, procmail notices this attempt and corrects it:

kelewan:~> ll /var/spool/mail
lrwxrwxrwx   1 lnz      mail           10 Oct 26 13:11 BOGUS.6u3 -> /tmp/xyzzy
-rw-------   1 lnz      mail          333 Oct 26 13:12 lnz

One of the things I like about procmail...

		Leonard
