Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!julius.cs.uiuc.edu!news.cs.indiana.edu!att!linac!midway!gargoyle!chinet!les
From: les@chinet.chi.il.us (Leslie Mikesell)
Newsgroups: comp.unix.internals
Subject: Re: non-superuser chown(2)s considered harmful
Keywords: chown, mail
Message-ID: <1990Dec11.203632.7402@chinet.chi.il.us>
Date: 11 Dec 90 20:36:32 GMT
References: <18792@rpp386.cactus.org> <2800:Dec1001:29:4890@kramden.acf.nyu.edu> <1990Dec11.005644.20688@cbnewsk.att.com>
Organization: Chinet - Public Access UNIX
Lines: 26

In article <1990Dec11.005644.20688@cbnewsk.att.com> hansen@pegasus.att.com (Tony L. Hansen) writes:
>< Exactly. This is why several people have been arguing for chown() to
>< work between current and effective uids. Does chown() have any other
>< reasonable use?
>
>The mail(1) command uses chown(2) and set-gid to give a secure mail system. I
>feel that other methods are fraught with potential security holes.
>
>                                       Tony Hansen
>                           att!pegasus!hansen, attmail!tony
>                               hansen@pegasus.att.com

Are you talking about the same SysV /bin/mail that I have (AT&T SysVr3)
that uses the environment variable LOGNAME to decide who you are and
allows you to forward your mail with the command:
  mail -F new_address

If you are, try:
  MAIL=/usr/mail/you LOGNAME=you mail -F me
(replace "you" with someone else on the system who happens to have
an empty mailbox, and "me" with your login name)
Then tell me if you would still describe the system as secure.

Les Mikesell
  les@chinet.chi.il.us
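
The weakness the post points at is a set-gid program taking the caller's identity from LOGNAME, which the caller controls. The following C program is an added example, not part of the original post and not AT&T's mail source: it contrasts that lookup with one based on the real uid, and the function names and the sample name in the test are hypothetical.

```c
/* Added example: caller identity for a set-id mailer, env vs. real uid. */
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Behaviour the post describes: whatever LOGNAME says is believed. */
const char *login_from_env(void)
{
    return getenv("LOGNAME");
}

/* Hardened lookup: map the real uid (set by the kernel at login, not by
 * the environment) to a login name. Returns 0 on success, -1 otherwise. */
int login_from_uid(char *out, size_t outlen)
{
    struct passwd *pw = getpwuid(getuid());
    if (pw == NULL || strlen(pw->pw_name) >= outlen)
        return -1;
    strcpy(out, pw->pw_name);
    return 0;
}

/* Check a claimed name before acting on that user's mailbox: it must
 * exist in the password database and belong to the real uid. */
int claim_matches_caller(const char *claimed)
{
    struct passwd *pw;
    if (claimed == NULL || *claimed == '\0')
        return 0;
    pw = getpwnam(claimed);
    return pw != NULL && pw->pw_uid == getuid();
}

int main(void)
{
    char name[64];
    const char *claimed = login_from_env();
    if (login_from_uid(name, sizeof name) != 0) {
        fprintf(stderr, "mail: cannot determine caller identity\n");
        return 1;
    }
    if (claimed != NULL && !claim_matches_caller(claimed))
        fprintf(stderr, "mail: ignoring LOGNAME=%s, caller is %s\n", claimed, name);
    printf("forwarding would apply to mailbox of: %s\n", name);
    return 0;
}
```

The same reasoning applies to MAIL: a set-id program would build the mailbox path from the uid-derived name instead of accepting a path from the environment.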