Bugtraq mailing list archives
Re: Possible mail spool problem
From: cjuleff () IAC IAFRICA COM (Conrad Juleff)
Date: Fri, 6 Nov 1998 07:26:10 +0200
suse 5.2 has the permissions 1777 or drwxrwxrwt. This isnt a problem and most systems are setup this way. On Wed, Nov 04, 1998 at 08:06:32PM -0600, signal wrote:
Following installation of suse 5.1, the setup software sets the mail spool directory world writable, which has a potential of causing some security problems. although I have checked alot of possible forms of exploiting this, there is probably some I have missed. removing the o+w bit from the directory will surely solve the problems. signal <soren () PANGEA CA>
Current thread:
- another /usr/dt/bin/dtappgather feature! Andrea Costantino (Nov 02)
- Re: another /usr/dt/bin/dtappgather feature! Casper Dik (Nov 04)
- Possible mail spool problem signal (Nov 04)
- Re: Possible mail spool problem CyberPsychotic (Nov 05)
- Re: Possible mail spool problem Conrad Juleff (Nov 05)
- various *lame* DoS attacks Conrad Juleff (Nov 05)
- Re: various *lame* DoS attacks puppet (Nov 07)
- Sendmail DoS (was: Re: various *lame* DoS attacks) net.ikon (Nov 12)
- Possible mail spool problem signal (Nov 04)
- Re: another /usr/dt/bin/dtappgather feature! Casper Dik (Nov 04)
- Re: another /usr/dt/bin/dtappgather feature! Ben Collins (Nov 04)
- Re: another /usr/dt/bin/dtappgather feature! Scott Cromar (Nov 05)
- Re: another /usr/dt/bin/dtappgather feature! J.A. Gutierrez (Nov 06)
- Re: another /usr/dt/bin/dtappgather feature! Casper Dik (Nov 09)
- Sun Security Bulletin #00178 joshua grubman (Nov 09)
- XFree86 3.3.2's setup tool /tmp race Adrian Voinea (Nov 08)