Path: utzoo!utgpu!attcan!uunet!ncrlnk!ncr-sd!hp-sdd!sceard!mrm
From: mrm@sceard.UUCP (M.R.Murphy)
Newsgroups: comp.unix.wizards
Subject: Re: Nasty Security Hole?
Keywords: mail permissions security
Message-ID: <850@sceard.UUCP>
Date: 10 Nov 88 20:43:16 GMT
References: <175@ernie.NECAM.COM> <14466@mimsy.UUCP>
Reply-To: mrm@sceard.UUCP (0040-M.R.Murphy)
Distribution: na
Organization: Sceard Systems, Inc., San Marcos, CA  92069
Lines: 23

In article <14466@mimsy.UUCP> chris@mimsy.UUCP (Chris Torek) writes:
|In article <175@ernie.NECAM.COM> peter@ernie.NECAM.COM (Peter DiPrete) writes:
|>... the mail directory has liberal permissions.  I even tried various
|>combinations of set{gu}id and sticky bits on the directory.
|
|The sticky bit on the directory is intended to fix that.  Alas, it is
|broken in the NFS implementations you mentioned.  You could try setting
|the spool directory to r-xr-xr-x, then make sure that two things still
|work: the first mail message to a user who has no spooled mail, and
|deleting all messages from spooled mail.

Note the ownerships, stickies, and permissions.
drwxrwxr-x   2 root     mail         256 Nov 10 10:21 /usr/mail
-rwxr-sr-x   1 bin      mail       25066 Oct 26  1985 /bin/lmail
-rwxr-sr-x   1 bin      mail       15000 Feb 17  1988 /bin/mail
-rwxr-sr-x   2 bin      mail       42292 Feb 17  1988 /bin/rmail
-rwxr-sr-x   2 bin      mail       42292 Feb 17  1988 /bin/smail
-rwxr-sr-x   1 bin      mail       99306 Oct 27  1985 /usr/bin/mailx
Happens to be smail2.5, but the principles are the same with other
mailers.
--
Mike Murphy  Sceard Systems, Inc.  544 South Pacific St.  San Marcos, CA  92069
UUCP: {nosc,ucsd}!sceard!mrm     INTERNET: mrm%sceard.UUCP@ucsd.ucsd.edu