[prev in list] [next in list] [prev in thread] [next in thread] 

List:       amavis-user
Subject:    Re: Temp files cleanup?
From:       Noel Jones <njones () megan ! vbhcs ! org>
Date:       2012-11-26 1:39:07
Message-ID: 50B2C83B.5080401 () megan ! vbhcs ! org
[Download RAW message or body]

On 11/25/2012 3:09 PM, Glenn Park wrote:
> On Sun, Nov 25, 2012 at 12:54 PM, Noel Jones <njones@megan.vbhcs.org> wrote:
>> On 11/25/2012 12:44 PM, Glenn Park wrote:
>>>
>>> 1) The directories inside $TEMPBASE/tmp are created with amavis:amavis
>>> rwxr-x--- permissions so they are not world readable, even when the
>>> $TEMPBASE/tmp directory is.  Is there a problem with that?  For
>>> example:
>>>
>>> drwxrwxrwt 10 root   root   200 Nov 24 18:11 ./
>>> drwxr-xr-x 23 root   root   800 Nov 24 18:03 ../
>>> drwxr-x---  3 amavis amavis  80 Nov 24 18:00 amavis-20121124T180038-01142/
>>> drwxr-x---  3 amavis amavis  80 Nov 24 18:10 amavis-20121124T181021-01143/
>>
>> The $TEMPBASE/tmp directory should also be drwxr-x--- amavis:amavis.
> 
> Why?  Just on principal?  Nothing seems to break like this & the
> content is not readable by other users, why do you say this?
> 


Because I don't want to waste my time doing a full analysis when I
know it's secure with a private $TEMPBASE/tmp.  It's probably Ok,
for some value of probably.

Why would you want to use a probably secure configuration instead of
one known secure?


Good luck.  Over and out.




  -- Noel Jones
[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic