[Dovecot] Security issue #5: mail_extra_groups setting is often used insecurely

Benoit Branciard Benoit.Branciard at univ-paris1.fr
Tue Mar 4 14:42:19 EET 2008


Timo Sirainen wrote:
>>> 2a) mbox: Any files/directories under mail group-writable directories
>>> can be created/deleted/renamed by symlinking the directory under
>>> ~/mail/. For example ln -s /var/mail ~/mail/var, DELETE var/root will
>>> happily delete root's mailbox. This I hadn't thought about before.
>>
>> Not if /var/mail is set sticky, which is the case on all good modern 
>> Unix systems:
> 
> Right. That's why it was included in the workarounds. :)
> 
> Anyway I also thought that /var/mail would be sticky in at least some 
> systems. I couldn't find a single one. CentOS 5, Debian, FreeBSD 6.2, 
> Solaris 10 none have it sticky by default.

All our Debian Sarge and Etch systems (with Sendmail and procmail 
packages) have /var/mail sticky by default, we didn't modify it ourselves.


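The thread turns on whether the spool directory is sticky. The following audit helper is an added example, not code from the thread or from Dovecot: it reports a directory as risky when it is group- or world-writable but lacks the sticky bit, which is exactly the combination the symlink-and-DELETE scenario above relies on. The directory path is a parameter; nothing about a specific host is assumed.

```sh
#!/bin/sh
# Audit a mail spool directory (e.g. /var/mail) for the mbox issue in the
# thread: a group- or world-writable directory without the sticky bit lets
# any member of the mail group (or any user) unlink or rename files it
# holds, regardless of who owns those files.
#
# Returns 0 when the directory passes this rule, 1 when it is risky and
# 2 when the path is not a directory. Prints a one-line verdict.
check_spool_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "$dir: not a directory"; return 2; }
    # ls -ld prints e.g. "drwxrwxrwt 2 root mail ..."; keep the mode field.
    mode=$(ls -ld "$dir" | cut -c1-10)
    group_w=$(printf '%s' "$mode" | cut -c6)   # 'w' if group-writable
    other_w=$(printf '%s' "$mode" | cut -c9)   # 'w' if world-writable
    sticky=$(printf '%s' "$mode" | cut -c10)   # 't'/'T' if sticky bit set
    writable=0
    [ "$group_w" = "w" ] && writable=1
    [ "$other_w" = "w" ] && writable=1
    case "$sticky" in
        t|T) is_sticky=1 ;;
        *)   is_sticky=0 ;;
    esac
    if [ "$writable" -eq 1 ] && [ "$is_sticky" -eq 0 ]; then
        echo "$dir ($mode): group/world-writable without sticky bit - risky"
        return 1
    fi
    echo "$dir ($mode): ok"
    return 0
}
```

Run it as `check_spool_dir /var/mail` on each host you manage; a sticky spool (mode 1777 or 3775 as shown by `ls -ld`) passes, a plain 0775 or 0777 spool is flagged.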


