Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!syd
From: syd@DSI.COM (Syd Weinstein)
Newsgroups: comp.mail.elm
Subject: Re: why isn't /usr/spool/mail file deleted?
Message-ID: <1991Mar26.013446.23220@DSI.COM>
Date: 26 Mar 91 01:34:46 GMT
References: <1122@moncol.UUCP>
Reply-To: syd@DSI.COM
Organization: Datacomp Systems, Inc. Huntingdon Valley, PA
Lines: 19

ben@moncol.UUCP (Bennett Broder) writes:
>Does anyone know why the mail spoolfile isn't deleted when the last message
>is deleted? This is standard behavior for /bin/mail and mailx, and would be
>desirable for elm. I have fixed leavembox.c to do this, can you foresee
>any problems?

Yup, mail spoofing in sites that run /usr/spool/mail 3777 (BSD style).
If you delete the mailbox, then none is there and someone else can
create one and then own it and read all your mail preventing you
from reading your mail. This is only an attack valid on BSD style
systems that do not use Elm setgid and use /usr/spool/mail with mode
3777 (sticky, setgid).
-- 
=====================================================================
Sydney S. Weinstein, CDP, CCP          Elm Coordinator
Datacomp Systems, Inc.                 Voice: (215) 947-9900
syd@DSI.COM or dsinc!syd               FAX:   (215) 938-0235
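
Added example (not part of the original post, and not Elm's leavembox.c): one way to empty a mailbox without removing it, so the spool file keeps its inode, owner and mode and its name never becomes free in a world-writable spool directory. The function name `empty_mailbox_in_place`, the sample path in `main`, and the ownership, symlink and link-count checks are assumptions of this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Empty the mailbox at `path` by truncation instead of unlink().
 * Returns 0 on success, -1 if the file is missing, is a symlink, is not a
 * regular file, is not owned by expected_uid, or cannot be truncated. */
int empty_mailbox_in_place(const char *path, uid_t expected_uid)
{
    struct stat st;
    int rc = -1;
    /* No O_CREAT: a missing mailbox is never created here.
     * O_NOFOLLOW: refuse a symlink sitting in the shared spool directory. */
    int fd = open(path, O_WRONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    /* fstat() on the open descriptor checks the file we will truncate,
     * not whatever the name points at a moment later. */
    if (fstat(fd, &st) == 0 &&
        S_ISREG(st.st_mode) &&
        st.st_uid == expected_uid &&   /* someone else already owns it: stop */
        st.st_nlink == 1 &&            /* not reachable under another name */
        ftruncate(fd, 0) == 0)
        rc = 0;
    close(fd);
    return rc;
}

int main(void)
{
    char path[] = "/tmp/mbox-demo-XXXXXX";   /* constructed sample mailbox */
    int fd = mkstemp(path);
    if (fd < 0)
        return 1;
    if (write(fd, "From a@b\n\nhi\n", 13) != 13)
        return 1;
    close(fd);
    printf("emptied: %d\n", empty_mailbox_in_place(path, getuid()));
    unlink(path);
    return 0;
}
```

A -1 return with the file present but owned by another uid is the condition the reply describes and is worth logging rather than silently retrying.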