Xref: utzoo news.sysadmin:1923 news.admin:4267
Path: utzoo!attcan!uunet!seismo!sundc!pitstop!sun!decwrl!labrea!rutgers!bellcore!faline!thumper!ulysses!andante!alice!debra
From: debra@alice.UUCP (Paul De Bra)
Newsgroups: news.sysadmin,news.admin
Subject: Re: Bug in mail
Keywords: bugs
Message-ID: <8515@alice.UUCP>
Date: 11 Dec 88 04:03:57 GMT
References: <1215@altger.UUCP>
Reply-To: debra@alice.UUCP ()
Organization: AT&T, Bell Labs
Lines: 36

In article <1215@altger.UUCP> blue@altger.UUCP (blue) writes:
>I noticed that on many Sys V systems, /usr/spool/mail is left
>writable while contained mails are not readable.
>Well, this solves the problem of privacy, since on many systems
>while you run a sub shell from the mail (read) command you
>get mail privileges.
>...

What you describe is clearly buggy behaviour. Fortunately some mailers
do better:
1) mail should be suid root, to be able to become the user who invokes it
   before entering a sub-shell (or an editor).
2) /usr/spool/mail/ should NOT be writable by everyone.

However, on many systems that do take this approach all mail is readable
by everyone. There is no mail privacy imposed by the system.
(though you cannot write in other people's mailbox other than by sending
them mail)

Though you may not like this I feel it is not a bug but a feature.
One can read other people's mail but shouldn't. (Just like you can spread
worms but shouldn't)
If you really want secret mail, there always is secretmail (for sending
and receiving encrypted mail).

It is useful and legitimate to use read-access to someone's mail-file if
1) he/she requests you to do so (like to check for a message while being
   at a conference)
2) he/she wants you to uucp or mail the file to another site (where he/she
   can read it). This can be more useful than installing a forwarding
   address if the person wants a copy of incoming mail to remain on his/her
   machine.

Paul.
--
------------------------------------------------------
|debra@research.att.com | uunet!research!debra |
------------------------------------------------------
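
An audit of the permission states discussed in this post, as an added example that is not part of the original article: it flags a world-writable spool directory and mailboxes that are writable or readable by everyone. The function name `audit_spool` and the `DIR`/`BOX` finding labels are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit a mail spool for the permission states discussed above.
# The finding labels (DIR/BOX ...) are made up for this sketch.

audit_spool() {
    spool=$1
    if [ ! -d "$spool" ]; then
        echo "ERROR not-a-directory $spool"
        return 2
    fi

    # World-writable spool without the sticky bit: any local user can
    # delete or replace another user's mailbox file.
    if [ -n "$(find "$spool" -prune -perm -0002 ! -perm -1000)" ]; then
        echo "DIR world-writable-no-sticky $spool"
    fi

    for box in "$spool"/*; do
        # Only regular files are mailboxes; skip symlinks and subdirectories.
        if [ ! -f "$box" ] || [ -L "$box" ]; then
            continue
        fi
        # Writable by everyone: mail can be altered without going through the mailer.
        if [ -n "$(find "$box" -prune -perm -0002)" ]; then
            echo "BOX world-writable $box"
        fi
        # Readable by everyone: the "no privacy imposed by the system" case.
        if [ -n "$(find "$box" -prune -perm -0004)" ]; then
            echo "BOX world-readable $box"
        fi
    done
    return 0
}

# Run against a directory given on the command line, e.g. /usr/spool/mail.
if [ $# -gt 0 ]; then
    audit_spool "$1"
fi
```

Whether a `BOX world-readable` line is a problem is a site policy decision; the other two findings let local users tamper with mail they do not own.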