Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site uwvax.UUCP
Path: utzoo!linus!decvax!genrad!wjh12!harvard!seismo!uwvax!dave
From: dave@uwvax.UUCP (Dave Cohrs)
Newsgroups: net.unix-wizards
Subject: Re: deceptive mail
Message-ID: <45@uwvax.UUCP>
Date: Sat, 10-Nov-84 10:36:33 EST
Article-I.D.: uwvax.45
Posted: Sat Nov 10 10:36:33 1984
Date-Received: Sun, 11-Nov-84 20:08:26 EST
References: <331@uvm-cs.UUCP>
Organization: U of Wisconsin CS Dept
Lines: 28

> Somebody here noticed the following "feature" of mail (4.2 BSD).  Under
> certain conditions, a user "xyzu" can do a "set user=abcd" and send mail
> to user "pqrs".  To "pqrs" it appears that "abcd" sent the mail (xyzu <>
> abcd).  This could cause misunderstandings or such if "xyzu" were malicious.
> Is this a feature or a bug?  Thanks.

I think this is the product of a bug and a "feature".  The bug is in /bin/mail
and a bad fix in the same.  It seems that /bin/mail would through mail
from uucp on the floor under certain circumstances.  The fix was to take
out all checking for the sender and just believe whatever /bin/mail was told.
Not a good policy as far as I'm concerned.  The feature is that mail loves
to look at silly things like getlogin() and $USER instead of more valid
things like getpwuid(getuid()) for the username.  These two combined cause
mail to make bogus 'From' lines.

The real fix is in /bin/mail -- get rid of the bad fix and do getpwuid()s
instead of getlogin()s to find the username.  While you're at it, you
might want to do this to ucb/mail and sendmail too.  I guess this isn't the
most popular way of handling mail senders, but I find it the most reliable --
I tend to like my mail coming from whomever the person is currently, not who
they logged in as!

-- 
(Bug?  What bug?  That's a feature!)

Dave Cohrs
...!{allegra,heurikon,ihnp4,seismo,uwm-evax}!uwvax!dave
dave@wisc-rsch.arpa