Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uwm.edu!linac!att!ucbvax!DCDMJW.FNAL.GOV!wicks
From: wicks@DCDMJW.FNAL.GOV ("Matthew J. Wicks")
Newsgroups: comp.sys.sgi
Subject: Re: Is this a mail bug?
Message-ID: <9105161326.AA20522@dcdmjw.fnal.gov>
Date: 16 May 91 13:26:26 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 70

>>Date: 16 May 91 02:02:38 GMT
>>From: Dong Chen
>>Organization: UMIACS, Univ. of Maryland, College Park, MD 20742
>>Subject: Is this a mail bug ?
>>Message-Id: <34541@mimsy.umd.edu>
>>
>>This seems a bug for me.
>>After I change my LOGNAME to somebody else's name,
>>I can actually read all his mails using "Mail".
>>While I cannot read /usr/mail/foo directly.
>>here is what it's like:
>>
>>%setenv LOGNAME foo
>>%Mail
>>Mail version 5.2 6/21/85.  Type ? for help.
>>"/usr/mail/foo": 2 messages 2 unread [Read only]
>>>U  1 *******
>> U  2 *******
>>& q
>>%more /usr/mail/foo
>>/usr/mail/foo: Permission denied
>>%ls -l /usr/mail/foo
>>-rw-rw----  1 foo  mail  2338 May  9 14:02 /usr/mail/foo
>>
>>After I changed the mode to 600, others cannot read the mail.
>>But since the default one is 660, I don't know if there are potential problem
>>to change it to 660 ?

This bug was discovered last October and a fix has been provided by SGI.
I am attaching an old posting from this news group giving details of how
to get the fix.

Matt Wicks
Fermi National Accelerator Laboratory
wicks@fnal.fnal.gov
708-840-8083

-----------------------------------OLD POSTING------------------------------
>From info-iris-request@vmb.brl.mil Thu Oct 11 18:56:33 1990
Received: from [131.225.102.1] by dcdlaa.fnal.gov (5.52/1.34)
        id AA14729; Thu, 11 Oct 90 18:56:33 CDT
Date: 11 Oct 90 19:37:35 GMT
>From: Superuser
Subject: WARNING - Security hole in IRIX 3.3 /usr/sbin/Mail
Message-Id: <71861@sgi.sgi.com>
Sender: info-iris-request@BRL.MIL
To: info-iris@BRL.MIL
Status: R

--- WARNING ---

There is a security hole in IRIX 3.3 and 3.3.1 /usr/sbin/Mail.
Due to the nature of this problem, I shall provide no further details.

For the benefit of those with immediate security concerns, a fixed
/usr/sbin/Mail binary has been made available for anonymous ftp from
SGI.COM ([192.48.153.1]). The fixed binary can be found at:

        sgi/Mail/Mail

under the ftp directory.

Note that this binary must be installed with the same group (mail) and
permissions (2755) as your existing 3.3 or 3.3.1 /usr/sbin/Mail.

Apologies for any inconvenience.

Robert Stephens
Silicon Graphics Inc.
Mountain View, CA
roberts@sgi.com
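
Added example, not part of either posting and not SGI's fix: a set-group-ID mail reader can choose the mailbox owner from the real uid and honour LOGNAME only when it names the caller's own account. It assumes the behaviour in the transcript quoted above comes from the reader trusting LOGNAME; the function names claim_matches_uid and mailbox_user are hypothetical.

```c
/* Added example, not SGI's fix: pick the mailbox owner from the real uid.
 * Assumption: the reader is set-group-ID mail and names the mailbox by user. */
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 1 only if `claimed` is an account name whose uid is `real_uid`. */
int claim_matches_uid(const char *claimed, uid_t real_uid)
{
    struct passwd *pw;

    if (claimed == NULL || *claimed == '\0')
        return 0;
    pw = getpwnam(claimed);
    return pw != NULL && pw->pw_uid == real_uid;
}

/* Store the name whose mailbox the caller may open; 0 on success, -1 if the
 * real uid has no passwd entry or the name does not fit in `out`. */
int mailbox_user(char *out, size_t outlen)
{
    uid_t uid = getuid();                    /* real uid, not user-settable */
    const char *claimed = getenv("LOGNAME"); /* user-controlled, untrusted */
    const char *name = NULL;
    struct passwd *pw;

    if (claim_matches_uid(claimed, uid)) {
        name = claimed;             /* honoured only for the caller's own account */
    } else if ((pw = getpwuid(uid)) != NULL) {
        name = pw->pw_name;         /* otherwise fall back to the passwd entry */
    }
    if (name == NULL || snprintf(out, outlen, "%s", name) >= (int)outlen)
        return -1;
    return 0;
}

int main(void)
{
    char user[256];

    if (mailbox_user(user, sizeof user) != 0) {
        fprintf(stderr, "cannot determine mailbox owner\n");
        return 1;
    }
    printf("/usr/mail/%s\n", user);
    return 0;
}
```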