1777 protection

William F. Acker WB2FLW +1-303-777-8123 wacker at octothorp.org
Sun Nov 25 13:41:23 EST 2001

Actually, the messages about mailbox vulnerability have nothing to do with
whether someone else can read your mail.  Mail files are generally owned
by the user who receives the mail, and are in group mail with a mode of
660.  The problem is that the current pine session *can't* write to
/var/spool/mail.  The reason is that it's necessary to lock a mailbox when
changing it, for example, when messages are deleted.  The lock prevents
other programs such as sendmail from writing to the file.  Without this,
you'd get corruption and the probable loss of messages.  Mode 1777 allows
*everyone* to create files in the mail directory much as mode 777 does.  
The 1 prefix is the "sticky bit".  This prevents a file from being deleted
by anyone other than root or the owner of the file.  That's why /tmp is
setup this way also.  I'm pretty sure that the newest versions of pine
handle locking in a different way, but I have no idea how.

          Bill in Denver

On Sat, 24 Nov 2001, Gregory Nowak wrote:

> That means that anyone with access to your machine can read all mail on it at least if not do more with it.
> To fix this (which I'm sure you want to do), type the following line without the quotes.
> "chmod 1777 /var/spool/mail"

More information about the Speakup mailing list