Re: Starnge bug. - Rich Pieri

Gnus development mailing list
 help / color / mirror / Atom feed

From: Rich Pieri <rich.pieri@PrescientTech.com>
Subject: Re: Starnge bug.
Date: 06 Feb 1997 15:52:29 -0500	[thread overview]
Message-ID: <x79151hd2q.fsf@gkar.asds.com> (raw)
In-Reply-To: Carsten Leonhardt's message of 06 Feb 1997 17:54:09 +0100

-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "Leo" == Carsten Leonhardt <leo@arioch.tng.oche.de> writes:

Leo> I solved with by making movemail setgid mail. You'll have to decide
Leo> for yourself if movemail is secure enough for that.

It would be easy to argue that it is not, since there is no security or
authentication involved in movemail.  It would be trivial for someone to
use this to overwrite other files writable by group mail.

What I prefer to do is to make the mail spool directory mode 777 and +t,
which allows anyone to write there but not delete any files they do not
own, similar to /tmp.  The sysmonster needs to keep an eye on it,
though, to prevent people from using it as /tmp... or a script that
deletes any file with a name that is not equal to the file's owner.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBMvpEj56VRH7BJMxHAQGAxgP/YMIdfLDjIagBUh2C9rR0let2jJgd+CEl
D16JxwqCQy8mZyiyGXVU+VfIW06aF7H8mSwyK3MDJE+rSD9B0e6Y8PAhP4sRY2UR
t7Dk0Iix7EfnDAz1NQRTCRHbbNxe8BnK7KhsjPU89QAymNirRGKooKRPC0H4Wj8s
wqZw2Yv3iAo=
=Hqb5
-----END PGP SIGNATURE-----
-- 
Rich Pieri <rich.pieri@prescienttech.com> | Happy Fun Ball may stick to certain
Prescient Technologies, Inc.              | types of skin.
A Stone & Webster Company                 | 
I speak for myself, not PTI or SWEC       |

     prev parent reply	other threads:[~1997-02-06 20:52 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
1997-02-05 11:49 Ville Kullervo Mattila
1997-02-05 16:15 ` David Moore
1997-02-05 19:31   ` Starnge bug (gnus 5.4.11 and xemacs 20.0) Ville Kullervo Mattila
1997-02-05 20:35 ` Starnge bug Rich Pieri
1997-02-06 10:31   ` Ville Kullervo Mattila
1997-02-06 16:54 ` Carsten Leonhardt
1997-02-06 20:52   ` Rich Pieri [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=x79151hd2q.fsf@gkar.asds.com \
    --to=rich.pieri@prescienttech.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).