'Re: imapd /var/mail permission question'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       c-client
Subject:    Re: imapd /var/mail permission question
From:       Sebastian Hagedorn <Hagedorn () spinfo ! uni-koeln ! de>
Date:       2004-03-08 13:52:11
Message-ID: 2147483647.1078757531 () tyrion ! rrz ! uni-koeln ! de
[Download RAW message or body]

--On Montag, 8. März 2004 8:21 Uhr -0500 Michael Cashwell 
<mboards@prograde.net> wrote:

> The message is:
>
> 2004-03-08 07:29:12.094 Mail[435] Unhandled response to command CLOSE: *
> NO  Mailbox vulnerable - directory /var/mail must have 1777 protection
>
> /var/mail had these permissions at the time:
> drwxrwxr-t   7 root  mail     238  8 Mar 07:25 mail
>
> I changed them to:
> drwxrwxrwt   7 root  mail     238  8 Mar 07:25 mail
>
> and that did silence the complaint, but in what way is having _more_
> restrictive permissions a vulnerability?

The vulnerability is that a lockfile can't be created, so that another 
process might munge the mailbox.

Here's the FAQ entry discussing this: 
<http://www.washington.edu/imap/IMAP-FAQs/index.html#7.10>
--
Sebastian Hagedorn		PGP key ID: 0x4D105B45
http://www.spinfo.uni-koeln.de/~hgd/

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic