Path: utzoo!attcan!uunet!bu.edu!att!cbnewsl!cbnewsk!pegasus!hansen
From: hansen@pegasus.att.com (Tony L. Hansen)
Newsgroups: comp.unix.internals
Subject: Re: non-superuser chown(2)s considered harmful
Summary: yes, System V mail is secure
Keywords: chown, mail
Message-ID: <1990Dec13.192712.25225@cbnewsk.att.com>
Date: 13 Dec 90 19:27:12 GMT
References: <2800:Dec1001:29:4890@kramden.acf.nyu.edu> <1990Dec11.005644.20688@cbnewsk.att.com> <1990Dec11.203632.7402@chinet.chi.il.us>
Sender: hansen@cbnewsk.att.com (tony.l.hansen)
Organization: AT&T Bell Laboratories
Lines: 19

< Les Mikesell les@chinet.chi.il.us
< Are you talking about the same SysV /bin/mail that I have (AT&T SysVr3)
< that uses the environment variable LOGNAME to decide who you are and
< allows you to forward your mail with the command:  mail -F new_address
< If you are, try:
< MAIL=/usr/mail/you LOGNAME=you mail -F me
<   (replace "you" with someone else on the system who happens to have an
<    empty mailbox, and "me" with your login name) 
< Then tell me if you would still describe the system as secure.

Yes, that bug was once there, but has been since squashed in SVr4 mail.
Compare the small number of security problems in Sys V mail through the years
(always using setgid+chown) with the numerous security problems in BSD mail
through the years (using setuid-root, world-writable mail area, or various
other schemes). I'll take the setgid+chown any day.

					Tony Hansen
				att!pegasus!hansen, attmail!tony
				    hansen@pegasus.att.com