From: radel@bach.udel.edu (Todd Radel)
Subject: Re: Any mail or fakemail available for linux ?
Date: Fri, 16 Oct 1992 01:26:59 GMT

In article <1992Oct15.221410.23613@unislc.uucp> erc@unislc.uucp (Ed Carp) writes:
>Steve M. Robbins (steve@Nyongwa.CAM.ORG) wrote:
>
>: As I recall, the important things were:
>: - elm is a regular program NOT setgid
>: - /usr/spool/mail has permissions 1777 (global read/write with the sticky bit)
>: - the mailboxes in /usr/spool/mail have permissions 600 (rw for owner only)
>
>Excuse me? Isn't this a security hole to have a directory world writeable?
>I thought the sticky bit was just for deletion of files.

The /var/spool/mail directory on our SPARCserver clusters is also 1777.
It's not much of a security hole as long as a mailbox exists for each
user that is at least length 0 and is chmod'ed 600.

Assuming the above holds true, nobody can delete, read, or write to other
people's mailboxes. All you could do is create a new file in the directory,
which doesn't seem to be very harmful...

--
Todd Radel             | "Hello. My name is Inigo Montoya. You killed
Honors CISC undergrad  | my father. Prepare to die."
University of Delaware | "STOP SAYING THAT!" -- _The_Princess_Bride_
Call the Politically Incorrect BBS! (302) 837-8088 V.32bis/24hrs Fido 1:150/380
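
An added example, not part of the original post: a Python audit of the conditions discussed in this thread (sticky bit on the world-writable spool, a mailbox present for every user, owner-only permissions on each). The `users` mapping, the mailbox-named-after-login layout and the sample spool built in `demo()` are constructed assumptions.

```python
import os
import stat
import tempfile

def audit_spool(spool, users):
    """Check the conditions from the post. `users` maps login -> uid; the
    mailbox-named-after-login layout is an assumption of this example."""
    findings = []
    dmode = stat.S_IMODE(os.lstat(spool).st_mode)
    if dmode & stat.S_IWOTH and not dmode & stat.S_ISVTX:
        findings.append("spool: world-writable without sticky bit")
    for name, uid in sorted(users.items()):
        try:
            st = os.lstat(os.path.join(spool, name))  # lstat: do not follow symlinks
        except FileNotFoundError:
            findings.append(f"{name}: no mailbox exists")
            continue
        if not stat.S_ISREG(st.st_mode):
            findings.append(f"{name}: not a regular file")
        elif st.st_uid != uid:
            findings.append(f"{name}: wrong owner")
        elif stat.S_IMODE(st.st_mode) & 0o077:
            findings.append(f"{name}: mode {stat.S_IMODE(st.st_mode):o} is wider than 600")
    return findings

def demo():
    """Build a constructed spool in a temp dir and audit it."""
    me = os.getuid()
    with tempfile.TemporaryDirectory() as spool:
        os.chmod(spool, 0o1777)  # world-writable with the sticky bit, as in the post
        for name, mode in (("alice", 0o600), ("bob", 0o644), ("dave", 0o600)):
            path = os.path.join(spool, name)
            open(path, "w").close()  # zero-length mailbox
            os.chmod(path, mode)
        os.symlink(os.path.join(spool, "alice"), os.path.join(spool, "eve"))
        # carol has no mailbox; dave's expected uid deliberately mismatches the file owner
        users = {"alice": me, "bob": me, "carol": me, "dave": me + 1, "eve": me}
        return audit_spool(spool, users)

if __name__ == "__main__":
    for line in demo():
        print(line)
```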