Subject: Re: Sendmail is filling my logs
To: Martin Husemann <>
From: Andrew Brown <>
List: current-users
Date: 02/18/2000 21:53:16
>But isn't this warning message (a) wrong, (b) confusing and in this case
>completely inappropriate (what is the security implication of my case
>that I can't see)?

>Feb 18 21:23:11 rumolt sendmail[239]: VAA00257: forward /home/martin/.forward.rumolt: Group writable directory

if you read it like this: (a) sendmail was looking for a .forward type
file, (b) here's the path it was checking, and (c) that path contains
a group writable directory, then it's perfectly acceptable.  it's a
bit of a stretch, but that's it.

the security risk to you is that sendmail thinks it's possible that
someone can steal your mail.

since /home (actually /usr/home) is group writable, anyone who can
write to that directory can move (if not remove) your home directory
and replace it with another.  if they can do this, they can put a
.forward file at the point where sendmail expects to find yours, and
steal your email.

|-----< "CODE WARRIOR" >-----|             * "ah!  i see you have the internet (Andrew Brown)                that goes *ping*!"       * "information is power -- share the wealth."