Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!hsdndev!cmcl2!kramden.acf.nyu.edu!brnstnd
From: brnstnd@kramden.acf.nyu.edu (Dan Bernstein)
Newsgroups: comp.unix.internals
Subject: Re: non-superuser chown(2)s considered harmful
Message-ID: <8039:Dec1622:22:4890@kramden.acf.nyu.edu>
Date: 16 Dec 90 22:22:48 GMT
References: <1990Dec11.203632.7402@chinet.chi.il.us> <1990Dec13.192712.25225@cbnewsk.att.com> <2803@cirrusl.UUCP>
Organization: IR
Lines: 14

In article <2803@cirrusl.UUCP> dhesi%cirrusl@oliveb.ATC.olivetti.com (Rahul Dhesi) writes:
> In <1990Dec13.192712.25225@cbnewsk.att.com> hansen@pegasus.att.com
> (Tony L. Hansen) writes:
> >...the numerous security problems in BSD mail
> >through the years (using setuid-root, world-writable mail area, or various
> >other schemes)
> Is there a security problem if the mail spool directory is world-
> writable but its sticky bit is set?

Yes. On some systems, for instance, you can keep someone from reading
mail by touching /usr/spool/mail/victim.lock. On others you can create
mailboxes for new users.

---Dan
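
A defensive audit for the two conditions described in the post above, as an added example that is not part of the original post: it reports lock files in a spool directory that are stale or owned by someone other than the mailbox user or root, and mailboxes whose owner does not match their name. The function name, the five-minute staleness threshold and the ownership rule are assumptions, not taken from any particular mail system.

```python
import os, pwd, stat, time

def _name(uid):
    # Resolve a uid to a login name; unknown uids are reported numerically.
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)

def audit_spool(spool, stale_after=300, uid_to_name=_name, now=None):
    """Return (kind, path, detail) findings for a mail spool directory."""
    now = time.time() if now is None else now
    findings = []
    mode = os.stat(spool).st_mode
    if mode & stat.S_IWOTH:
        sticky = "set" if mode & stat.S_ISVTX else "not set"
        findings.append(("world-writable", spool, "sticky bit " + sticky))
    for entry in sorted(os.listdir(spool)):
        path = os.path.join(spool, entry)
        st = os.lstat(path)  # lstat: do not follow symlinks planted in the spool
        owner = uid_to_name(st.st_uid)
        if entry.endswith(".lock"):
            user = entry[:-len(".lock")]
            # Assumption: a legitimate lock belongs to the mailbox user or root.
            if owner not in (user, "root"):
                findings.append(("foreign-lock", path, "owned by " + owner))
            if now - st.st_mtime > stale_after:
                findings.append(("stale-lock", path, "older than %ds" % stale_after))
        elif not stat.S_ISREG(st.st_mode):
            findings.append(("not-regular", path, "symlink, directory or device"))
        elif owner != entry:
            # A mailbox named for one account but owned by another may have
            # been created in advance by the owning account.
            findings.append(("owner-mismatch", path, "owned by " + owner))
    return findings

if __name__ == "__main__":
    import sys
    spool_dir = sys.argv[1] if len(sys.argv) > 1 else "/usr/spool/mail"
    for kind, path, detail in audit_spool(spool_dir):
        print("%-15s %s (%s)" % (kind, path, detail))
```

The sticky bit only restricts who may delete or rename entries, so a sticky world-writable spool still yields findings here whenever another account has created a lock or a mailbox.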