Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ncar!boulder!stan!dce
From: dce@stan.UUCP (David Elliott)
Newsgroups: comp.mail.mh
Subject: Re: A question about "inc".
Message-ID: <351@salgado.stan.UUCP>
Date: 29 Jan 89 19:13:58 GMT
References: <48941@yale-celray.yale.UUCP> <8901280137.AA24180@cheops.cis.ohio-state.edu>
Reply-To: dce@salgado.UUCP (David Elliott)
Organization: Solbourne Computer Inc., Longmont, Colorado
Lines: 18

In article <8901280137.AA24180@cheops.cis.ohio-state.edu> wisner@CIS.OHIO-STATE.EDU (Bill Wisner) writes:
>Change inc to group mail and turn on the 2000 mode bit (the setgid bit).

Then, try

	inc -notruncate -file {mailfile}

where {mailfile} is a non-empty file in /usr/spool/mail or /usr/mail
that you can't read.

Of course, I may be wrong, but I think that making inc setgid mail will
allow you to read a file you shouldn't be able to.

Are files in /usr/mail readable by group 'mail', or just writable?

-- 
David Elliott		...!pyramid!boulder!stan!dce
"All he wanted was a Pepsi, but I wouldn't give it to him!" -- Mike's mom