Karsten W. Rohrbach wrote:
> Nuno Teixeira([EMAIL PROTECTED])@2001.06.21 21:51:34 +0000:
>
>>Hello to all,
>>
>>The FreeBSD default permissions for /var/mail are 0755.
>>
>>Why is it that PINE says that the /var/mail directory is vulnerable and it
>>says to change it to 01777?

1777 makes it possible for users to create files in /var/mail. The good
news is that they can make lock files, which make "simultaneous"
delivery and reading more reliable. The bad news is that they can make
files named like other people's mailfiles. This can either be an attack
on their reader of choice or a denial of service, depending on how smart
the client and MDA are.

As such, /var/mail is A Bad Thing. Putting mail into a file in the
user's home directory is much safer. But the spec is too old to change
by this point. So the best idea is to dispense with Unix formatted mail
files altogether. Thus this advice:

> use Maildir
> faster, simpler, secure -- simply put: better ;-)

cyrus is better still, so long as you don't mind _only_ being able to
use IMAP to play with your mail. Cyrus is particularly good for
companies, as lmtp deliveries result in multiple ccs being hard links
rather than separate copies. Great for when Marketing sends 20 copies of
a 50M powerpoint presentation. :-)

As for MUAs, nothing I've tried has beaten Netscape 4.x yet, although I
have switched over to Mozilla and it is close. For non-GUI, I prefer
pine despite its tarnished security reputation. Surprisingly enough, a
close second place behind Mozilla for me is SquirrelMail in a web
browser. It really is good, believe it or not. I would make a port for
it, but it's sort of pointless as it's just a bunch of php scripts you
unpack into your www data directory (www.squirrelmail.org if you are
curious).
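An added example, not part of the original message: a small audit for the trade-off described above, flagging a world-writable spool directory and any mailbox file whose owner is not the account it is named after. The names `audit_spool` and `uid_lookup` are hypothetical, and the script assumes mailboxes are named after the account and lock files are named `<user>.lock`.

```python
import os
import pwd
import stat


def default_uid_lookup(name):
    """Return the uid of a local account, or None if it does not exist."""
    try:
        return pwd.getpwnam(name).pw_uid
    except KeyError:
        return None


def audit_spool(spool, uid_lookup=default_uid_lookup):
    """Return (dir_findings, file_findings) for an mbox spool directory."""
    dir_findings = []
    mode = stat.S_IMODE(os.lstat(spool).st_mode)
    if mode & stat.S_IWOTH:
        if mode & stat.S_ISVTX:
            dir_findings.append(
                "world-writable with sticky bit: any user can create files")
        else:
            dir_findings.append(
                "world-writable, no sticky bit: any user can also remove files")

    file_findings = {}
    for name in sorted(os.listdir(spool)):
        if name.endswith(".lock"):
            continue  # assumption: <user>.lock files are transient locks
        st = os.lstat(os.path.join(spool, name))  # lstat: never follow links
        expected = uid_lookup(name)
        if not stat.S_ISREG(st.st_mode):
            file_findings[name] = "not a regular file"
        elif expected is None:
            file_findings[name] = "no matching account"
        elif st.st_uid != expected:
            file_findings[name] = f"owned by uid {st.st_uid}, expected {expected}"
    return dir_findings, file_findings


if __name__ == "__main__":
    dirs, files = audit_spool("/var/mail")
    for finding in dirs:
        print(f"/var/mail: {finding}")
    for name, finding in files.items():
        print(f"/var/mail/{name}: {finding}")
```
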