Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!uunet!ateng!chip
From: chip@ateng.com (Chip Salzenberg)
Newsgroups: comp.mail.uucp
Subject: Re: Setuid smail2.5?
Keywords: smail setuid
Message-ID: <257E9AB1.25111@ateng.com>
Date: 7 Dec 89 17:15:28 GMT
References: <534@isadora.ikp.liu.se>
Organization: A T Engineering, Tampa, FL
Lines: 15

Why, Goran, I'm surprised you didn't ask me... :-)

According to hacker@isadora.ikp.liu.se (Goran Larsson [Hacker of Hackefors]):
>Smail should then be setuid to "mail."
>Now, this scheme works as far as I can test, but in one area I have not
>found an answer: what about security? The only problem that I can find is
>that if a user specifies alternate path or alias files, these files must
>be readable by the user "mail."

Easy. Do like Deliver 2.0: if such parameters are specified, renounce
setuid privileges.
--
You may redistribute this article only to those who may freely do likewise.
Chip Salzenberg at A T Engineering; or
"The Usenet, in a very real sense, does not exist."
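
The approach suggested in the reply above, sketched in C as an added example (not code from the post, from smail, or from Deliver). The option letters -p and -a are assumptions standing in for the mailer's "alternate path file" and "alternate alias file" options, and the function names are hypothetical.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed option letters that make the mailer read a user-chosen file. */
#define USER_FILE_OPTS "pa"

/* Return 1 if any option before "--" carries one of those letters.
 * Clustered flags such as -vp are caught; a false positive only costs
 * privilege that this run may not have needed. */
int names_user_files(int argc, char *const argv[])
{
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "--") == 0)
            break;
        if (argv[i][0] == '-' && strpbrk(argv[i] + 1, USER_FILE_OPTS))
            return 1;
    }
    return 0;
}

/* Permanently renounce set-id privileges: group first, then user.
 * Real and effective ids are set together so the saved ids are replaced
 * as well; setuid(getuid()) alone would leave the saved set-user-ID. */
int renounce_setid(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    if (setregid(rgid, rgid) != 0 || setreuid(ruid, ruid) != 0)
        return -1;
    if (ruid != 0) {  /* verify the old ids cannot be regained */
        if (old_euid != ruid && seteuid(old_euid) == 0)
            return -1;
        if (old_egid != rgid && setegid(old_egid) == 0)
            return -1;
    }
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

int main(int argc, char *argv[])
{
    if (names_user_files(argc, argv) && renounce_setid() != 0)
        return 1;  /* refuse to continue while still privileged */
    /* ... open path/alias files and deliver as the invoking user ... */
    return 0;
}
```

The drop has to happen before any user-named file is opened, so that the files are read with the invoking user's own permissions.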