Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!apple!bionet!ames!scubed!optis31!lawhorn
From: lawhorn@optis31.uucp (Jeff Lawhorn)
Newsgroups: comp.emacs
Subject: Re: Rmail
Message-ID:
Date: 5 Jul 89 15:14:51 GMT
References: <416@sirius.ua.oz> <23253@news.Think.COM> <23400@news.Think.COM>
Sender: lawhorn@optis31.UUCP
Reply-To: lawhorn@opti
Lines: 36
In-reply-to: kim@kannel.lut.fi's message of 4 Jul 89 13:06:32 GMT

I'm surprised no one has mentioned this yet. There are 2 major flavors of
Unix, BSD and System V. Each of these uses a different concept on how to
deliver mail.

Under BSD, the mail directory is /usr/spool/mail, and normally has the
permissions 3777 (drwxrwsrwt). Each mailbox in /usr/spool/mail has the
permissions 600 (-rw-------). This allows the user to read his mail, but
keeps others out. This works because under BSD the mail delivery layer
runs setuid to root, allowing it to write any mailbox.

Under System V, the mail directory is /usr/mail, and normally has the
permissions 777 (drwxrwxr-x). Each mailbox in /usr/mail has the
permissions 660 (-rw-rw----). The mailboxes are owned by the user the mail
is for, and are group mail. This allows the user to read his mail, and
keeps others out. (No one is normally in the group mail.) This works well
because the mail delivery layer runs setgid to mail.

Under BSD everything should work just fine with movemail because only a
program running as the user, or as root, should be able to read a
mailbox. However under System V, movemail must be run as setgid to mail
to be able to remove the mailbox. Because movemail is not well behaved
and does not bother with checking user ids, it allows any user to steal
another user's mail. (I say steal because it removes the mailbox, so the
original user will never see the mail.)

Perhaps someone would like to fix movemail to check the owner of the
mailbox against the user running the program.
--
Jeff Lawhorn
lawhorn@opti
opti!lawhorn@berick.uucp
ucsd!sdsu!berick!opti!lawhorn