Temp files cleanup?
Noel Jones
njones at megan.vbhcs.org
Mon Nov 26 02:39:07 CET 2012
On 11/25/2012 3:09 PM, Glenn Park wrote:
> On Sun, Nov 25, 2012 at 12:54 PM, Noel Jones <njones at megan.vbhcs.org> wrote:
>> On 11/25/2012 12:44 PM, Glenn Park wrote:
>>>
>>> 1) The directories inside $TEMPBASE/tmp are created with amavis:amavis
>>> rwxr-x--- permissions so they are not world readable, even when the
>>> $TEMPBASE/tmp directory is. Is there a problem with that? For
>>> example:
>>>
>>> drwxrwxrwt 10 root root 200 Nov 24 18:11 ./
>>> drwxr-xr-x 23 root root 800 Nov 24 18:03 ../
>>> drwxr-x--- 3 amavis amavis 80 Nov 24 18:00 amavis-20121124T180038-01142/
>>> drwxr-x--- 3 amavis amavis 80 Nov 24 18:10 amavis-20121124T181021-01143/
>>
>> The $TEMPBASE/tmp directory should also be drwxr-x--- amavis:amavis.
>
> Why? Just on principle? Nothing seems to break like this & the
> content is not readable by other users, why do you say this?
>
Because I don't want to waste my time doing a full analysis when I
know it's secure with a private $TEMPBASE/tmp. It's probably Ok,
for some value of probably.
Why would you want to use a probably secure configuration instead of
one known secure?
Good luck. Over and out.
-- Noel Jones
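
The following check is an added example, not part of the original message or of amavisd itself: it tests whether a directory matches the private layout recommended above (drwxr-x--- amavis:amavis). It assumes "private" means no permission bits at all for other users plus the expected owner and group; the function name and the TEMPBASE usage line are illustrative.

```sh
#!/bin/sh
# Added example: audit a temp directory for the "private" layout
# (drwxr-x--- owner:group). Assumption: "private" is read here as
# "no permission bits for other users" plus matching owner and group.

# check_private_dir DIR OWNER GROUP
# Returns 0 if DIR passes, 1 if a finding was printed, 2 if DIR is unusable.
check_private_dir() {
    dir=$1 want_owner=$2 want_group=$3

    # Refuse symlinks so the check cannot be redirected to another directory.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "$dir: not a real directory"
        return 2
    fi

    # ls -ld fields: mode, link count, owner, group, remainder
    read -r mode links owner group rest <<EOF
$(ls -ld "$dir")
EOF

    rc=0
    case $mode in
        d??????---*) ;;   # the three "other" bits are '---': private
        *) echo "$dir: mode $mode grants access to other users"; rc=1 ;;
    esac
    if [ "$owner" != "$want_owner" ] || [ "$group" != "$want_group" ]; then
        echo "$dir: owned by $owner:$group, expected $want_owner:$want_group"
        rc=1
    fi
    return $rc
}

# Usage on the host running amavisd (TEMPBASE set to your own value):
#   check_private_dir "$TEMPBASE/tmp" amavis amavis
```

Run against the listing quoted in the thread, the `drwxrwxrwt root root` parent would be reported for both mode and ownership, while the per-message `amavis-*` directories would pass.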