Re: "Correct" permissions on /var/mail?
From: faSty (fasty@i-sphere.com)
Date: 06/25/01
Date: Mon, 25 Jun 2001 14:48:39 -0700
From: faSty <fasty@i-sphere.com>
To: Jason DiCioccio <jdicioccio@epylon.com>
True, I would terminate the customer's account out of my server. Simple.
-trev
On Mon, Jun 25, 2001 at 09:58:51AM -0700, Jason DiCioccio wrote:
> I use the FreeBSD default, although someone could still fill up /var
> if they wanted to.. (cat /dev/urandom >/var/mail/`whoami`)
>
> But 1777 they could create extra files, no? I'd rather not have a
> second /tmp..
>
>
> Cheers,
> -JD-
>
>
> -----Original Message-----
> From: Leonard Chung [mailto:leonard@ssl.berkeley.edu]
> Sent: Sunday, June 24, 2001 2:12 PM
> To: security@FreeBSD.ORG
> Subject: "Correct" permissions on /var/mail?
>
>
> I was having a debate with a colleague the other day on the correct mode
> for /var/mail. He claimed that 1777 is more secure than what I've always
> had (the FreeBSD default of root:mail 775).
>
> 1777 gives you the additional benefit of protecting you from compromises on
> the mail group, but requires that on every machine quotas be installed even
> for machines with just one or two users. Without quotas, a malicious user
> could fill up /var/mail creating a DoS for everybody receiving mail off
> that machine. 775 doesn't protect against compromises of the mail group,
> but has the added benefit that it protects against a user filling /var/mail
> inadvertently as they would have to purposely send lots of e-mail.
>
> Which do most of you use? Is there a reason /var/mail is initially set to
> 775 rather than 1777?
>
> Thanks,
>
> Leonard
>
>
> --
> Leonard Chung - <leonard@ssl.berkeley.edu>
> SETI@home - The Search for Extraterrestrial Intelligence @ home
> http://www.setiathome.ssl.berkeley.edu
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
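
An added example, not part of the original thread: a POSIX shell check that reports which of the two layouts discussed above a spool directory uses, and lists entries whose name does not match their owner (the "extra files" a 1777 spool permits). The function names and the handling of a `.lock` suffix are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a mail spool directory's mode and contents.
# spool_mode_class and spool_stray_files are hypothetical helper names.

# Classify the directory: sticky and world-writable (1777 style),
# world-writable without sticky, group-writable only (775 style), or neither.
spool_mode_class() {
    dir=$1
    [ -d "$dir" ] || { echo "missing"; return 1; }
    # find -prune tests only the directory itself and does not descend.
    if [ -n "$(find "$dir" -prune -perm -0002)" ]; then
        if [ -n "$(find "$dir" -prune -perm -1000)" ]; then
            echo "world-writable-sticky"
        else
            echo "world-writable-no-sticky"
        fi
    elif [ -n "$(find "$dir" -prune -perm -0020)" ]; then
        echo "group-writable"
    else
        echo "restricted"
    fi
}

# Print "name<TAB>owner" for every entry whose name is not its owner's login.
# Mailboxes are expected at <spool>/<login>; a trailing ".lock" is tolerated
# (assumption: lock files are named <login>.lock).
spool_stray_files() {
    dir=$1
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # skip unmatched glob patterns
        name=${f##*/}
        owner=$(ls -ld -- "$f" | awk '{print $3}')
        [ "${name%.lock}" = "$owner" ] || printf '%s\t%s\n' "$name" "$owner"
    done
}

# Stand-alone use: sh audit.sh /var/mail
if [ "$#" -gt 0 ]; then
    echo "mode class: $(spool_mode_class "$1")"
    spool_stray_files "$1"
fi
```

Neither layout addresses the disk-filling case raised in the thread; the thread's own answer to that is quotas.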