Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!rutgers!apple!bloom-beacon!think!think.com
From: rlk@think.com (Robert Krawitz)
Newsgroups: comp.emacs
Subject: Re: Rmail
Message-ID: <23400@news.Think.COM>
Date: 3 Jul 89 14:09:59 GMT
References: <416@sirius.ua.oz> <KIM.89Jun30095016@kannel.lut.fi> <23253@news.Think.COM> <KIM.89Jul3122907@kannel.lut.fi>
Sender: news@Think.COM
Reply-To: rlk@think.com (Robert Krawitz)
Organization: Thinking Machines Corp., Cambridge MA
Lines: 51
In-reply-to: kim@kannel.lut.fi (Kimmo Suominen)

In article <KIM.89Jul3122907@kannel.lut.fi>, kim@kannel (Kimmo Suominen) writes:
]In article <23253@news.Think.COM> rlk@think.com (Robert Krawitz) writes:
]
]   In article <KIM.89Jun30095016@kannel.lut.fi>, kim@kannel (Kimmo Suominen)
]   writes: 
]       Problem  with  the  first solution is that  anyone can now  remove
]       another person's  incoming  mail file.
]
]       Problem with the second solution is  that anyone can  read someone
]       else's mail by setting the incoming mailbox variable in  Emacs (at
]       least I think it's possible that way - I haven't tried).
]
]   No, it shouldn't be possible.  The individual spool files are normally
]   set 600, so only the owner can read or write them.  It doesn't prevent
]   anyone who has access to the directory from stat'ing them, though, but
]   movemail doesn't have any way to print out the stats coded into it.
]
]Which one shouldn't be possible?  (Well, yeah - it shouldn't be but it is
]- or did you mean "it can't be")

This should work (on a 4.3 derived system):

/usr/spool/mail is owned by root, group mail, protection 1730
(drwx-wx--T).  The sticky bit prevents removal of a file not owned by
the process attempting to delete it.

Movemail setgid, group mail.  This makes the uid == your uid, and it
runs as group mail.  It cannot read the spool directory, but it can
search it (i. e. find files in it) and read and delete files owned by
you.

This taken from the man page for sticky(8) in the SunOS 4.0.1
distribution, but I don't think that only SunOS does this.

]If you have write permission to a directory, you can delete any file in
]it even if you don't have any rights for the file itself.

Not true in 4.3; note also that movemail can check ownership in a
system without sticky directories.  It's a simple enough program so
that it can do checks of that nature.

]If you have movemail installed as setgid to mail, then you *CAN* read
]another person's incoming mail.  I just tried it out and it works fine
](just use "set-rmail-inbox-list").

Well, are your mail spool files set to 600 (readable by owner only)?
I think not.
-- 
ames >>>>>>>>>  |	Robert Krawitz <rlk@think.com>	245 First St.
bloom-beacon >  |think!rlk				Cambridge, MA  02142
harvard >>>>>>  .	Thinking Machines Corp.		(617)876-1111