Bugtraq mailing list archives

Re: Possible mail spool problem

From: cjuleff () IAC IAFRICA COM (Conrad Juleff)
Date: Fri, 6 Nov 1998 07:26:10 +0200


suse 5.2 has the permissions 1777 or drwxrwxrwt. This isnt a problem
and most systems are setup this way.

On Wed, Nov 04, 1998 at 08:06:32PM -0600, signal wrote:

Following installation of suse 5.1, the setup software sets the mail spool
directory world writable, which has a potential of causing some security
problems.  although I have checked alot of possible forms of exploiting
this, there is probably some I have missed.  removing the o+w bit from the
directory will surely solve the problems.

                                                signal
                                                <soren () PANGEA CA>

Current thread:

another /usr/dt/bin/dtappgather feature! Andrea Costantino (Nov 02)
- Re: another /usr/dt/bin/dtappgather feature! Casper Dik (Nov 04)
  - Possible mail spool problem signal (Nov 04)
    - Re: Possible mail spool problem CyberPsychotic (Nov 05)
    - Re: Possible mail spool problem Conrad Juleff (Nov 05)
    - various *lame* DoS attacks Conrad Juleff (Nov 05)
    - Re: various *lame* DoS attacks puppet (Nov 07)
    - Sendmail DoS (was: Re: various *lame* DoS attacks) net.ikon (Nov 12)
  - Re: another /usr/dt/bin/dtappgather feature! Ben Collins (Nov 04)
    - Re: another /usr/dt/bin/dtappgather feature! Scott Cromar (Nov 05)
    - Re: another /usr/dt/bin/dtappgather feature! J.A. Gutierrez (Nov 06)
    - Re: another /usr/dt/bin/dtappgather feature! Casper Dik (Nov 09)
    - Sun Security Bulletin #00178 joshua grubman (Nov 09)
    - XFree86 3.3.2's setup tool /tmp race Adrian Voinea (Nov 08)
  - Re: another /usr/dt/bin/dtappgather feature! Mike Iglesias (Nov 05)

(Thread continues...)