Subject: /var/mail perms, possible security hole
To: None <current-users@NetBSD.ORG>
From: Travis Hassloch x231 <travis@EvTech.com>
Date: 07/08/1996 13:08:08
If they're 1777, mail.local can be tricked via a race condition into
trying to write to any file, with the permissions of the addressee,
if the addressee does not have a mail file already (or if their mail
file happens to be owned by the attacker).
In short; mail.local is *not* designed properly to work with publicly
writeable dirs. I don't think many people have their mail dir set up
this way, but I thought it prudent to warn people. I think 755 is
far more common and prudent.
Travis Hassloch, Electronic Blacksmith | P=NP if (P=0 or N=1)
There's a fine line between an email message and its signature.