Xref: utzoo comp.unix.internals:1275 comp.mail.sendmail:2466
Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uwm.edu!ux1.cso.uiuc.edu!mp.cs.niu.edu!rickert
From: rickert@mp.cs.niu.edu (Neil Rickert)
Newsgroups: comp.unix.internals,comp.mail.sendmail
Subject: Re: non-superuser chown(2)s considered harmful
Keywords: chown security quota BSD SYSV
Message-ID: <1990Dec7.032340.13531@mp.cs.niu.edu>
Date: 7 Dec 90 03:23:40 GMT
References: <1990Dec5.135759.12508@noao.edu> <1990Dec6.005358.6336@dg-rtp.dg.com> <109958@convex.convex.com>
Organization: Northern Illinois University
Lines: 21

In article <109958@convex.convex.com> tchrist@convex.COM (Tom Christiansen) writes:
>I consider non-superuser chown(2)s harmful.  They screw up anyone who's
>trying to do post-facto disk accounting or pre-emptive disk quotas.
>
>It also ruffles my security feathers.  Various programs realize that they
>shouldn't source config files owned by someone other than the current
>user, such as vi and the csh.  If I make a /tmp/.exrc, and someone cd's to

 I wonder whether 'sendmail' checks for this.  If the system aliases
file contains :include:/path/name   as an alias, when the alias is
expanded 'sendmail' uses the permissions of the owner of the :include:
file for aliases such as "|program".  (permission of daemon for a root
owner).  If SystemV versions of 'sendmail' don't change this, and allow
giving away files, then anyone given access to manage a mailing list has
almost carte-blanche to execute programs as other people.

-- 
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
  Neil W. Rickert, Computer Science               <rickert@cs.niu.edu>
  Northern Illinois Univ.
  DeKalb, IL 60115.                                  +1-815-753-6940