Mailbox vulnerable?
Hongwei Li
hongwei at morpheus.wustl.edu
Mon Jun 28 15:16:41 UTC 2004
After I set:
# chmod 1777 /var/spool/mail
# ls -ld /var/spool/mail*
drwxrwxrwt 2 root mail 4096 Jun 28 09:56 /var/spool/mail
drwxr-xr-x 3 root root 4096 May 20 15:02 /var/spool/mailman
My SquirrelMail immediately failed and automatically log out with "Login
failure error". Then, I checked the system log, and found the followings:
Jun 28 09:57:46 morpheus imap(pam_unix)[29850]: authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost=127.0.0.1 user=hongwei
Jun 28 09:57:49 morpheus imapd[29850]: Login failed user=hongwei
auth=hongwei host=localhost.localdomain [127.0.0.1]
Jun 28 09:57:52 morpheus imapd[29850]: Command stream end of file, while
reading line user=hongwei host=localhost.localdomain [127.0.0.1]
Jun 28 09:58:05 morpheus imap(pam_unix)[29856]: authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost=127.0.0.1 user=hongwei
Jun 28 09:58:07 morpheus imapd[29856]: Login failed user=hongwei
auth=hongwei host=localhost.localdomain [127.0.0.1]
Jun 28 09:58:10 morpheus imapd[29856]: Command stream end of file, while
reading line user=hongwei host=localhost.localdomain [127.0.0.1]
I am afraid that other users will immediately complain to me, so I had to
put it back as before, then I can use my squirrelmail.
What is wrong? Thanks!
Hongwei
> drwxrwxrwt root mail
>
> It's because Fedora 1 has a different version of imap than
> 7.3.
>
> Quoting Hongwei Li <hongwei at morpheus.wustl.edu>:
>
>> Thanks! But my rh7.3 box has
>>
>> # ls -ld /var/spool/mail/
>> drwxr-xr-x 2 root root 4096 Jun 28 08:00
>> /var/spool/mail/
>>
>> but never shows any warning message. Is it because rh7.3
>> is too old?
>>
>> Also, should it be drwxrwxrwt or drwxrwxr-t? should it be
>>
>> drwxrwxrwt root mail
>>
>> or
>>
>> drwxrwxrwt root root?
>>
>> Thanks!
>>
>>
>> > /var/spool/mail should have the following permissions:
>> > drwxrwxrwt (it should have the sticky bit set).
>> >
>> > Quoting Hongwei Li <hongwei at morpheus.wustl.edu>:
>> >
>> >> Hi,
>> >>
>> >> We have a fc1 box. We have he permissions setting as:
>> >>
>> >> # ls -ld /var/spool/mail
>> >> drwxrwxr-x 2 root mail 4096 Jun 28 08:43
>> /var/spool/mail
>> >> # ls -ld /tmp
>> >> drwxrwxrwt 11 root root 24576 Jun 28 08:43 /tmp
>> >>
>> >> The LogWatch always shows the warning:
>> >>
>> >> Mailbox vulnerable - directory /var/spool/mail must
>> have
>> >> 1777 protection
>> >>
>> >> When a regular user (except root) opens pine to read
>> >> mails, he also sees
>> >> this message at the very beninning for about 1 to 2
>> >> seconds. As I
>> >> understand, the permission drwxrwxr-x is correct.
>> What
>> >> is wrong? Do I
>> >> need to change the permission on the mail directory?
>> if
>> >> yes, change it to
>> >> what?
>> >>
>> >> Thanks!
>> >>
>> >> Hongwei
>> >>
>> >>
>> >> --
>> >> fedora-list mailing list
>> >> fedora-list at redhat.com
>> >> To unsubscribe:
>> >> http://www.redhat.com/mailman/listinfo/fedora-list
>> >>
>> >
>> >
>> >
>> >
>> >
>>
> ----------------------------------------------------------------
>> > This message was sent using IMP, the Internet Messaging
>> Program.
>> >
>> >
>> > --
>> > fedora-list mailing list
>> > fedora-list at redhat.com
>> > To unsubscribe:
>> http://www.redhat.com/mailman/listinfo/fedora-list
>> >
>>
>>
>> --
>> fedora-list mailing list
>> fedora-list at redhat.com
>> To unsubscribe:
>> http://www.redhat.com/mailman/listinfo/fedora-list
>>
>
>
>
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>
More information about the fedora-list
mailing list