Path: utzoo!utgpu!attcan!uunet!husc6!purdue!haven!mimsy!chris
From: chris@mimsy.UUCP (Chris Torek)
Newsgroups: comp.unix.wizards
Subject: Re: Nasty Security Hole?
Keywords: mail permissions security
Message-ID: <14466@mimsy.UUCP>
Date: 10 Nov 88 12:20:17 GMT
References: <175@ernie.NECAM.COM>
Distribution: na
Organization: U of Maryland, Dept. of Computer Science, Coll. Pk., MD 20742
Lines: 12

In article <175@ernie.NECAM.COM> peter@ernie.NECAM.COM (Peter DiPrete) writes:
>... the mail directory has liberal permissions. I even tried various
>combinations of set{gu}id and sticky bits on the directory.

The sticky bit on the directory is intended to fix that. Alas, it is
broken in the NFS implementations you mentioned. You could try setting
the spool directory to r-xr-xr-x, then make sure that two things still
work: the first mail message to a user who has no spooled mail, and
deleting all messages from spooled mail.
--
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain: chris@mimsy.umd.edu Path: uunet!mimsy!chris
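
Added example, not part of the post above: a small audit of what the three directory modes under discussion (world-writable, world-writable with the sticky bit, and r-xr-xr-x) allow an unprivileged user to do in a spool directory. The function names, the verdict labels and the temporary directories are assumptions made for illustration, and only the "other" permission class is examined.

```python
import os
import stat
import tempfile


def assess_mode(mode):
    """Report what a user in the 'other' class may do in a directory with this st_mode."""
    # Creating or unlinking a directory entry needs write and search permission
    # on the directory itself; the mailbox file's own mode does not matter.
    can_modify = bool(mode & stat.S_IWOTH) and bool(mode & stat.S_IXOTH)
    sticky = bool(mode & stat.S_ISVTX)
    return {
        "sticky": sticky,
        "others_can_create": can_modify,
        # With the sticky bit set, only the file's owner, the directory's owner
        # or root may unlink or rename an entry.
        "others_can_remove_foreign": can_modify and not sticky,
    }


def assess_dir(path):
    return assess_mode(os.stat(path).st_mode)


def verdict(a):
    if a["others_can_remove_foreign"]:
        return "EXPOSED"   # anyone can delete or replace another user's mailbox
    if a["others_can_create"]:
        return "STICKY"    # safe only where the sticky bit is actually enforced;
                           # the post reports it broken on some NFS implementations
    return "LOCKED"        # r-xr-xr-x: creating the first mailbox and removing an
                           # emptied one now need a privileged process, which is
                           # why the post says to re-test both operations


def demo():
    """Build constructed sample directories with each mode and classify them."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("open", 0o777), ("sticky", 0o1777), ("readonly", 0o555)):
            d = os.path.join(root, name)
            os.mkdir(d)
            os.chmod(d, mode)
            results[name] = verdict(assess_dir(d))
            os.chmod(d, 0o700)  # restore so cleanup can remove it
    return results


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The verdict reflects the mode bits only; whether a given filesystem honours the sticky bit still has to be checked on that filesystem.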