mail folder vulnerable
Hello list pine gives me this message: [Folder vulnerable - directory /var/mail must have 1777 protection] why? ls -l in my home dir: drwx-- 2 taipan wheel 512 Apr 15 09:26 mail an ls -l in /var/mail: -rw--- 1 taipan wheel 11089 Apr 16 09:52 taipan is this serious? Radu Molnar Babes-Bolyai Comunication Center ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: mail folder vulnerable
On Fri, Apr 16, 2004 at 09:58:31AM +0300, Radu MOLNAR wrote: Hello list pine gives me this message: [Folder vulnerable - directory /var/mail must have 1777 protection] why? ls -l in my home dir: drwx-- 2 taipan wheel 512 Apr 15 09:26 mail an ls -l in /var/mail: -rw--- 1 taipan wheel 11089 Apr 16 09:52 taipan is this serious? I believe the error message is wrong on FreeBSD, and it should not be there if you use the FreeBSD port. Kris pgp0.pgp Description: PGP signature
Re: mail folder vulnerable
yes, i'm using pine from ports Radu Molnar Babes-Bolyai Comunication Center On Fri, 16 Apr 2004, Kris Kennaway wrote: On Fri, Apr 16, 2004 at 09:58:31AM +0300, Radu MOLNAR wrote: Hello list pine gives me this message: [Folder vulnerable - directory /var/mail must have 1777 protection] why? ls -l in my home dir: drwx-- 2 taipan wheel 512 Apr 15 09:26 mail an ls -l in /var/mail: -rw--- 1 taipan wheel 11089 Apr 16 09:52 taipan is this serious? I believe the error message is wrong on FreeBSD, and it should not be there if you use the FreeBSD port. Kris ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: mail folder vulnerable
On Fri, Apr 16, 2004 at 10:37:36AM +0300, Radu MOLNAR wrote: yes, i'm using pine from ports Radu Molnar Babes-Bolyai Comunication Center On Fri, 16 Apr 2004, Kris Kennaway wrote: On Fri, Apr 16, 2004 at 09:58:31AM +0300, Radu MOLNAR wrote: Hello list pine gives me this message: [Folder vulnerable - directory /var/mail must have 1777 protection] why? ls -l in my home dir: drwx-- 2 taipan wheel 512 Apr 15 09:26 mail an ls -l in /var/mail: -rw--- 1 taipan wheel 11089 Apr 16 09:52 taipan is this serious? I believe the error message is wrong on FreeBSD, and it should not be there if you use the FreeBSD port. You didn't ls -ld /var/mail; mode 1777 should not be needed on FreeBSD, but perhaps you have incorrect permissions still. Or, the pine port could just be wrong (maybe I'm mis-remembering that the warning was removed, or maybe it came back). Kris pgp0.pgp Description: PGP signature
Re: mail folder vulnerable
Radu Molnar Babes-Bolyai Comunication Center On Fri, 16 Apr 2004, Kris Kennaway wrote: On Fri, Apr 16, 2004 at 10:37:36AM +0300, Radu MOLNAR wrote: yes, i'm using pine from ports Radu Molnar Babes-Bolyai Comunication Center On Fri, 16 Apr 2004, Kris Kennaway wrote: On Fri, Apr 16, 2004 at 09:58:31AM +0300, Radu MOLNAR wrote: Hello list pine gives me this message: [Folder vulnerable - directory /var/mail must have 1777 protection] why? ls -l in my home dir: drwx-- 2 taipan wheel 512 Apr 15 09:26 mail an ls -l in /var/mail: -rw--- 1 taipan wheel 11089 Apr 16 09:52 taipan is this serious? I believe the error message is wrong on FreeBSD, and it should not be there if you use the FreeBSD port. You didn't ls -ld /var/mail; mode 1777 should not be needed on FreeBSD, but perhaps you have incorrect permissions still. Or, the pine port could just be wrong (maybe I'm mis-remembering that the warning was removed, or maybe it came back). Kris mode for /var/mail was 1775. i changed it to 1777 and i dont get the message anymore. isn't 1777 a security risk? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: mail folder vulnerable
On Fri, Apr 16, 2004 at 11:31:27AM +0300, Radu MOLNAR wrote: mode for /var/mail was 1775. It should be 0775. i changed it to 1777 and i dont get the message anymore. isn't 1777 a security risk? Not really, but it does allow people to store arbitrary files there, which you don't necessarily want. Mode 0775 is sufficient for FreeBSD since the MTA has permission to write to the directory by virtue of group membership. Kris pgp0.pgp Description: PGP signature
