Path: utzoo!censor!geac!torsqnt!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!zaphod.mps.ohio-state.edu!julius.cs.uiuc.edu!ux1.cso.uiuc.edu!mp.cs.niu.edu!rickert
From: rickert@mp.cs.niu.edu (Neil Rickert)
Newsgroups: comp.unix.internals
Subject: Re: non-superuser chown(2)s considered harmful
Keywords: chown, mail
Message-ID: <1990Dec14.150710.4273@mp.cs.niu.edu>
Date: 14 Dec 90 15:07:10 GMT
References: <1990Dec11.203632.7402@chinet.chi.il.us> <1990Dec13.192712.25225@cbnewsk.att.com> <2803@cirrusl.UUCP>
Organization: Northern Illinois University
Lines: 24

In article <2803@cirrusl.UUCP> dhesi%cirrusl@oliveb.ATC.olivetti.com (Rahul Dhesi) writes:
>
>Is there a security problem if the mail spool directory is world-
>writable but its sticky bit is set?

    cd /usr/spool/mail
    ls dhesi
    Error: dhesi not found
    touch dhesi
    chmod 777 dhesi

Now I own your mail box. Depending on the version of /bin/mail the
ownership may revert to you when you next receive mail. But it is
publicly readable. Maybe you go around checking if your mailbox is
publicly readable, but most people don't.

(This is not to mention some other problems which I would prefer not to
publicize).

--
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
Neil W. Rickert, Computer Science
Northern Illinois Univ.
DeKalb, IL 60115.
+1-815-753-6940
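
Added example, not part of the post above: a shell check an administrator can run over a mail spool to find the state the post describes (a world-writable spool directory, mailboxes not owned by the user they are named for, mailboxes readable or writable by others). The function name audit_spool and the finding labels are invented here; it assumes mailbox files are named after the owning login and that `ls -ld` prints the mode string in column 1 and the owner in column 3.

```shell
#!/bin/sh
# audit_spool DIR
# Prints one finding per line; empty output means nothing was flagged.
#   DIR_WORLD_WRITABLE <dir> <mode>      anyone may create files in the spool
#   OWNER_MISMATCH <mailbox> <owner>     mailbox not owned by the named user
#   WORLD_ACCESSIBLE <mailbox> <mode>    "other" has some permission on it
audit_spool() {
    spool=$1

    # Mode string of the directory, e.g. drwxrwxrwt. Character 9 is the
    # "other write" bit. The sticky bit (t in position 10) only restricts
    # deleting and renaming; it does not stop a user from creating a
    # mailbox file that does not exist yet.
    dmode=$(ls -ld "$spool" | awk '{print $1}')
    case $(printf '%s' "$dmode" | cut -c9) in
        w) echo "DIR_WORLD_WRITABLE $spool $dmode" ;;
    esac

    for f in "$spool"/*; do
        [ -f "$f" ] || continue          # skip subdirectories and empty glob
        name=$(basename "$f")
        fmode=$(ls -ld "$f" | awk '{print $1}')
        owner=$(ls -ld "$f" | awk '{print $3}')

        # Assumption: mailbox file name == login name of its owner.
        if [ "$owner" != "$name" ]; then
            echo "OWNER_MISMATCH $name $owner"
        fi

        # Characters 8-10 are the permissions granted to "other".
        other=$(printf '%s' "$fmode" | cut -c8-10)
        if [ "$other" != "---" ]; then
            echo "WORLD_ACCESSIBLE $name $fmode"
        fi
    done
}

# Run directly as: sh audit_spool.sh /usr/spool/mail
if [ $# -gt 0 ]; then
    audit_spool "$1"
fi
```
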