[8441] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Possible mail spool problem

daemon@ATHENA.MIT.EDU (Conrad Juleff)
Fri Nov 6 14:29:41 1998

Date: 	Fri, 6 Nov 1998 07:26:10 +0200
Reply-To: Conrad Juleff <cjuleff@IAC.IAFRICA.COM>
From: Conrad Juleff <cjuleff@IAC.IAFRICA.COM>
X-To:         signal <soren@PANGEA.CA>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.LNX.3.96.981104200341.32039A-100000@PARADIGM.PANGEA.CA>;
              from signal on Wed, Nov 04, 1998 at 08:06:32PM -0600

suse 5.2 has the permissions 1777 or drwxrwxrwt. This isnt a problem
and most systems are setup this way.

On Wed, Nov 04, 1998 at 08:06:32PM -0600, signal wrote:
> Following installation of suse 5.1, the setup software sets the mail spool
> directory world writable, which has a potential of causing some security
> problems.  although I have checked alot of possible forms of exploiting
> this, there is probably some I have missed.  removing the o+w bit from the
> directory will surely solve the problems.
>
>                                                 signal
>                                                 <soren@PANGEA.CA>


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[8441] in bugtraq

Re: Possible mail spool problem

daemon@ATHENA.MIT.EDU (Conrad Juleff)Fri Nov 6 14:29:41 1998

daemon@ATHENA.MIT.EDU (Conrad Juleff)
Fri Nov 6 14:29:41 1998