Re: balsa crashing
- From: Jules Bean <jules jellybean co uk>
- To: Ali Akcaagac <ali akcaagac stud fh-wilhelmshaven de>
- Cc: Brandon <bsewell ols com>, balsa-list gnome org
- Subject: Re: balsa crashing
- Date: Tue, 20 Mar 2001 19:07:56 +0000
On Tue, Mar 20, 2001 at 07:58:54PM +0100, Ali Akcaagac wrote:
> On 2001.03.20 19:54:38 +0100 Jules Bean wrote:
> > > > Balsa cannot open you "Inbox" mailbox
> > > > Could not load basic mailboxes
> > > > invalid cast from null ptr to gtkwindow
> > > > file gnome-dialog.c line 384 (gnome_dialog_set_parent: assertion `parent
> > > > != null failed
> > > > etc...
> > >
> > > jesus this is old....
> > >
> > > read the README...
> > >
> > > login as root
> > >
> > > cd /var/spool
> > > chmod 1777 mail
> >
> > This is very bad advice.
> >
> > Don't do it unless you are confident you understand your mail systems
> > and the implications of it.
> >
> > On many systems, the correct permissions for mail /var/spool/mail are
> > rwxrwsr-t. Giving world write access to /var/spool/mail is a
> > potential security hole.
>
> theres no need to explain this to me. its written in balsa README
> and the flock or vflock stuff inside needs that. if you do also
Under debian it doesn't have world-writable, and balsa still works
under debian... I must admit I haven't looked at how the locking works
in that circumstance.
>
> cd /var/spool/mail
> chmod 700 *
>
> then theres no securityrisk at all. and who wants to bomb your
The security risk is that if your mailbox is empty (and deleted) then
someone else can create it, owned by them.
> email account ? never seen and serious people use firewall so who
> cares.
It's not a remote security risk, it's a security risk between users of
the same machine.
The chmod 700 trick will also break MDAs which are only setgid mail,
rather than setuid root.
Jules
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
