From: radel@bach.udel.edu (Todd Radel) Subject: Re: Any mail or fakemail available for linux ? Date: 16 Oct 1992 23:39:41 GMT
In article <1992Oct16.211748.15603@athena.mit.edu> duncan@erim.org (Robert Duncan) writes:
>| The /var/spool/mail directory on our SPARCserver clusters is also 1777.
>| It's not much of a security hole as long as a mailbox exists for each
>| user that is at least length 0 and is chmod'ed 600.
>|
>| Assuming the above holds true, nobody can delete, read, or write to other
>| people's mailboxes. All you could do is create a new file in the directory,
>| which doesn't seem to be very harmful...
>
>The problem is that someone could write a large enough file to fill
>up the partition, thus keeping any new mail from being stored there.
Yes, but there's plenty of other places on the /usr filesystem that
could be similarly sabotaged. The mail directory itself is fairly
secure.
-- Todd Radel | "Hello. My name is Inigo Montoya. You killed Honors CISC undergrad | my father. Prepare to die." University of Delaware | "STOP SAYING THAT!" -- _The_Princess_Bride_ Call the Politically Incorrect BBS! (302) 837-8088 V.32bis/24hrs Fido 1:150/380