Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-28 23:32 UTC

Message

Re: [milter-greylist] Re: World writable directory

2005-10-10 by Matthias Scheler

On Mon, Oct 10, 2005 at 02:13:27PM -0000, Brian Tobin wrote:
> [root@LINUX /]# ls -lda var
> drwxr-xrwx  26 root root 4096 Oct  7 16:23 var

This looks fishy. It means that arbitrary users can create directories
in "/var".

> [root@LINUX /]# ls -lda /
> drwxr-xr-x  28 root root 4096 Oct  7 16:23 /
> 
> I can't imagine I can change the write permissions on / or /var since
> other applications must use these.

The permissions on "/var" look plain wrong. Any application which requires
"/var" to be world writable is broken. My guess is that these permissions
are the result of a mistake by the system administrator e.g. by feeding
bad values to a "configure" script. If you check "/var" for files you
might figure which software is using that directory directly instead
of a sub directory.

	Kind regards

-- 
Matthias Scheler                                  http://scheler.de/~matthias/

Attachments

  • No local attachments were found for this message.

Move to quarantaine

This moves the raw source file on disk only. The archive index is not changed automatically, so you still need to run a manual refresh afterward.