On Tue, 2008-03-04 at 13:42 +0100, Benoit Branciard wrote:
Timo Sirainen wrote:
2a) mbox: Any files/directories under mail group-writable directories can be created/deleted/renamed by symlinking the directory under ~/mail/. For example ln -s /var/mail ~/mail/var, DELETE var/root will happily delete root's mailbox. This I hadn't thought about before.
Not if /var/mail is set sticky, which is the case on all good modern Unix systems:
Right. That's why it was included in the workarounds. :)
Anyway I also thought that /var/mail would be sticky in at least some systems. I couldn't find a single one. CentOS 5, Debian, FreeBSD 6.2, Solaris 10: none have it sticky by default.
All our Debian Sarge and Etch systems (with Sendmail and procmail packages) have /var/mail sticky by default; we didn't modify it ourselves.
My test Debian image came from debian-40r1-amd64-businesscard.iso and it had no MTA installed. After installing Exim /var/mail still wasn't sticky. After installing sendmail-bin it got sticky.
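
An added example, not part of the original thread: a POSIX shell check that reports whether a mail spool directory is group- or world-writable without the sticky bit, which is the condition discussed above for 2a. The function names and status labels are this example's own; with no arguments the script checks /var/mail.

```shell
#!/bin/sh
# Added example: classify a spool directory by its write and sticky bits.
# Uses find -perm so it does not depend on a particular stat(1) syntax.

# has_perm DIR MODE: succeeds if every bit in octal MODE is set on DIR.
# -H follows a symlink given on the command line (/var/mail is often
# a symlink to /var/spool/mail), so the real directory is tested.
has_perm() {
    [ -n "$(find -H "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# spool_status DIR prints one of:
#   missing     DIR is not a directory
#   not-shared  neither group- nor world-writable
#   sticky      shared-writable, but only a file's owner, the directory's
#               owner or root can delete or rename entries
#   exposed     shared-writable and not sticky: anyone with write access
#               to the directory can delete or rename other users' files
spool_status() {
    dir=$1
    [ -d "$dir" ] || { echo missing; return; }
    if ! has_perm "$dir" 0020 && ! has_perm "$dir" 0002; then
        echo not-shared
    elif has_perm "$dir" 1000; then
        echo sticky
    else
        echo exposed
    fi
}

# Check the directories named on the command line, or /var/mail by default.
[ $# -gt 0 ] || set -- /var/mail
for d in "$@"; do
    printf '%s: %s\n' "$d" "$(spool_status "$d")"
done
```

A directory reported as `exposed` can be brought to the `sticky` state with `chmod +t` on it.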