Xref: utzoo comp.emacs:9001 gnu.emacs:3750
Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!uunet!mcsun!unido!tub!fauern!tumuc!lan!schoett
From: schoett@lan.informatik.tu-muenchen.dbp.de (Oliver Schoett)
Newsgroups: comp.emacs,gnu.emacs
Subject: Re: (Summary) EMACS Security Hole.
Message-ID: <4257@tuminfo1.lan.informatik.tu-muenchen.dbp.de>
Date: 3 Sep 90 12:15:19 GMT
References: <1990Aug21.121958.22139@ncs.dnd.ca>
Sender: news@lan.informatik.tu-muenchen.dbp.de
Followup-To: comp.emacs
Organization: Inst. fuer Informatik, Technische Univ. Muenchen, West Germany
Lines: 17
In-reply-to: jstewart@ncs.dnd.ca's message of 21 Aug 90 12:19:58 GMT

In article <1990Aug21.121958.22139@ncs.dnd.ca> jstewart@ncs.dnd.ca
(John Stewart) writes:

 > The installation instructions also did not say to [install movemail
 > setuid root].

Well, how was it supposed to work under Berkely Unix then?

I didn't see a way to use it without creating a security hole, and I
replaced it by a (slow) shell script that used /usr/ucb/mail to fetch
the messages.  But I'm not sure whether /usr/ucb/mail does proper
locking---it is not setuid.

Oliver Schoett	 Institut f\"ur Informatik, Technische Univ. M\"unchen
		 Postf. 202420, 8000 M\"unchen 2, Fed. Rep. of Germany
schoett@informatik.tu-muenchen.dbp.de		      +49 89 2105 2390
schoett%informatik.....de@  {relay.cs.net, unido.uucp, dfngate.bitnet}