Nasty Security Hole?
Bob Peirce
news at investor.UUCP
Thu Nov 17 04:36:26 AEST 1988
In article <175 at ernie.NECAM.COM> peter at ernie.NECAM.COM (Peter DiPrete) writes:
>
>Here's the question, since the mail directory *must* have liberal
>permissions to allow any user access to his/her mailbox, how can I
>protect people's files. Even if a file has permissions set to 000,
>any other user can blow it away! Can I protect people's mail better than this?
Our SysV mail has very restricted permissions. The directory has rwx for
owner and group (mail) only and so do the files. All files are in the
mail group and mail, I suppose, runs setgid mail.
--
Bob Peirce, Pittsburgh, PA 412-471-5320
uucp: ...!{allegra, bellcore, cadre, idis, psuvax1}!pitt!investor!rbp
NOTE: Mail must be < 30K bytes/message
More information about the Comp.unix.wizards
mailing list