Path: utzoo!yunexus!ists!mike
From: mike@ists (Mike Clarkson)
Newsgroups: comp.emacs
Subject: Re: Is GNU Cause of Security Problems???
Message-ID: <126@ists>
Date: 18 May 88 05:40:21 GMT
Article-I.D.: ists.126
Posted: Wed May 18 01:40:21 1988
References: <8805102131.AA00798@icst-cmr.arpa> <2086@rtech.UUCP>
Organization: Institute for Space and Terrestrial Science
Lines: 28

In article <2086@rtech.UUCP>, daveb@llama.rtech.UUCP (It takes a clear mind to make it) writes:
> Someone wrote:
> >   Nothing in gnu Emacs is suid root (or anything else), nor is anything
> >   default world writable.  Gnu should be no more "dangerous" than any
> >   other program.
> 
> I've just gotten my May CACM, and I'm passing this on for those who
> haven't gotten it.  There is a real problem, fix enclosed below.

Thank-you for the excellent posting: I was the "Someone" and I'm much
relieved to know that the problem has been clearly identified.  We don't
run movemail suid here because we are using Suns with the flock system
call to lock the file.  It's always amazing to see how fast a little
suid program can cause havoc.

Are there many sites who's mailers write temp files in /usr/spool/mail
to lock the files?  Or do most people have flock or its equivalent?

While we are on the subject, perhaps we should also replace flock with
lockf for sites that have it.  Then people can remote mount /usr/spool/mail
from clients on a network and still have locking across nfs.


-- 
Mike Clarkson					mike@ists.UUCP
Institute for Space and Terrestrial Science	mike@ists.yorku.ca
York University, North York, Ontario,		uunet!mnetor!yunexus!ists!mike
CANADA M3J 1P3					+1 (416) 736-5611