[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] alias: :include:/dir/dir/mail.list
- Subject: Re: [cobalt-users] alias: :include:/dir/dir/mail.list
- From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
- Date: Sat Jan 8 07:10:54 2000
At 06:53 AM 1/6/00 SeniorCareHelp wrote:
At line 380 of my sendmail.cf, I find this comment:
# are group-writable :include: and .forward files (un)trustworthy?
#O UnsafeGroupWrites
Before I go ahead and disable this checking, Why is this rule established?
Is there some very good security reason not apparent to me?
Is there a better way to do this rather than by disabling this rule?
A lot of us, including me, see group-writable files and directories as a
security hazard, because it's too easy to add someone to a group without
realizing all the ramifications of a group's writes.
However, that doesn't stop us from doing it when necessary.
There are other ways to skin this cat, though. In fact, uncommenting #O
UnsafeGroupWrites probably won't do it.
There's a similar directive for group-writable directories; I don't
remember its exact name right now, but that's the one you have to change to
get rid of your error message.
One way to handle this would be to make sure your program is unbreakable,
suid it to the user who owns the file, and carefully control who/what
process can run this program.
Jeff
--
Jeff Lasman, nobaloney.net
<jblists@xxxxxxxxxxxxx>
<www.nobaloney.net>, <www.mailtraqna.com>, <www.email-lists.com>