[Dovecot] Security issue #5: mail_extra_groups setting is often used insecurely

Timo Sirainen tss at iki.fi
Tue Mar 4 14:57:49 EET 2008


On Tue, 2008-03-04 at 13:42 +0100, Benoit Branciard wrote:
> Timo Sirainen wrote:
> >>> 2a) mbox: Any files/directories under mail group-writable directories
> >>> can be created/deleted/renamed by symlinking the directory under
> >>> ~/mail/. For example ln -s /var/mail ~/mail/var, DELETE var/root will
> >>> happily delete root's mailbox. This I hadn't thought about before.
> >>
> >> Not if /var/mail is set sticky, which is the case on all good modern 
> >> Unix systems:
> > 
> > Right. That's why it was included in the workarounds. :)
> > 
> > Anyway I also thought that /var/mail would be sticky in at least some 
> > systems. I couldn't find a single one. CentOS 5, Debian, FreeBSD 6.2, 
> > Solaris 10 none have it sticky by default.
> 
> All our Debian Sarge and Etch systems (with Sendmail and procmail 
> packages) have /var/mail sticky by default, we didn't modify it ourselves.

My test Debian image came from debian-40r1-amd64-businesscard.iso and it
had no MTA installed. After installing Exim /var/mail still wasn't
sticky. After installing sendmail-bin it got sticky.
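The two checks the thread turns on, as an added example that is not Dovecot code and is not part of the original message: (1) a client-supplied mailbox name must still resolve inside the user's mail root after symlinks and ".." are followed, so that "ln -s /var/mail ~/mail/var" followed by DELETE var/root cannot reach the spool, and (2) a group-writable spool directory is only tolerable when its sticky bit is set, so group members can create files there but unlink or rename only their own. The function names (resolve_under_root, spool_is_safe_for_group_writes, run_demo), the scratch layout standing in for /var/mail and ~/mail, and the mode 1775 used for the "sticky" spool are all assumptions for illustration; the thread only says the directory is or is not sticky.

```python
"""Added example (not Dovecot code): reproduce the symlink escape from the
thread inside a scratch directory and show the two checks that stop it."""
import os
import stat
import tempfile


def resolve_under_root(mail_root, mailbox_name):
    """Map a client-supplied mailbox name to a filesystem path that must stay
    inside mail_root even after symlinks and '..' are resolved.
    Raises PermissionError if the real target lies outside mail_root."""
    root_real = os.path.realpath(mail_root)
    target = os.path.realpath(os.path.join(root_real, mailbox_name))
    if os.path.commonpath([root_real, target]) != root_real:
        raise PermissionError(
            "%s resolves to %s, outside %s" % (mailbox_name, target, root_real))
    return target


def spool_is_safe_for_group_writes(spool_dir):
    """A group-writable spool is only acceptable when the sticky bit (S_ISVTX)
    is set: members may create files but unlink/rename only their own.
    Returns a dict describing what was found."""
    mode = os.stat(spool_dir).st_mode
    group_writable = bool(mode & stat.S_IWGRP)
    sticky = bool(mode & stat.S_ISVTX)
    return {
        "group_writable": group_writable,
        "sticky": sticky,
        "safe": (not group_writable) or sticky,
    }


def run_demo():
    """Build the layout from the thread in a temp dir and try the attack.
    Returns a dict of outcomes so callers and tests can check each step."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed fixture standing in for /var/mail and ~/mail (assumption).
        spool = os.path.join(tmp, "var", "mail")
        os.makedirs(spool)
        with open(os.path.join(spool, "root"), "w") as f:
            f.write("From root@localhost\nSubject: test\n\nhi\n")
        user_mail = os.path.join(tmp, "home", "alice", "mail")
        os.makedirs(user_mail)

        # The attack from the thread: ln -s /var/mail ~/mail/var
        os.symlink(spool, os.path.join(user_mail, "var"))

        # Naive handling: join the name and act on it without checking
        # where it really points. The path lands on root's spool file.
        naive_target = os.path.join(user_mail, "var", "root")
        results["naive_points_at_spool"] = (
            os.path.realpath(naive_target)
            == os.path.realpath(os.path.join(spool, "root")))

        # Hardened handling: refuse names that escape the user's mail root.
        try:
            resolve_under_root(user_mail, "var/root")
            results["escape_blocked"] = False
        except PermissionError:
            results["escape_blocked"] = True

        # A legitimate mailbox inside ~/mail still resolves normally.
        with open(os.path.join(user_mail, "work"), "w") as f:
            f.write("")
        results["legit_ok"] = (
            resolve_under_root(user_mail, "work")
            == os.path.realpath(os.path.join(user_mail, "work")))

        # Sticky-bit check on the spool: group-writable without +t is unsafe;
        # mode 1775 (sticky, group-writable; an assumed typical spool mode)
        # is acceptable for the purpose of this check.
        os.chmod(spool, 0o775)
        results["before_sticky"] = spool_is_safe_for_group_writes(spool)
        os.chmod(spool, 0o1775)
        results["after_sticky"] = spool_is_safe_for_group_writes(spool)
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

The realpath-then-commonpath check is the piece that matters: comparing the textual prefix of the joined path is not enough, because the symlink is inside the user's directory and only the resolved path reveals the escape. The sticky-bit check is a deployment-time sanity check, not a substitute for the path check; it limits the damage on a spool that must remain group-writable.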
