From: ericb@hplsla.hp.com (Eric Backus) Date: Sat, 17 Oct 1992 01:29:09 GMT Subject: Re: Any mail or fakemail available for linux ?
Todd Radel writes:
>erc@unislc.uucp (Ed Carp) writes:
>>Steve M. Robbins (steve@Nyongwa.CAM.ORG) wrote:
>>
>>: As I recall, the important things were:
>>: - elm is a regular program NOT setgid
>>: - /usr/spool/mail has permissions 1777 (global read/write with the sticky bit)
>>: - the mailboxes in /usr/spool/mail have permissions 600 (rw for owner only)
>>
>>Excuse me? Isn't this a security hole to have a directory world writeable?
>>I thought the sticky bit was just for deletion of files.
>
>The /var/spool/mail directory on our SPARCserver clusters is also 1777.
>It's not much of a security hole as long as a mailbox exists for each
>user that is at least length 0 and is chmod'ed 600.
>
>Assuming the above holds true, nobody can delete, read, or write to other
>people's mailboxes. All you could do is create a new file in the directory,
>which doesn't seem to be very harmful...
I don't know the details of what the sticky bit does to a directory on
a SPARCserver. However, this still appears to be a security hole.
Here's what you could try to do:
Move someone's mailbox to a different name. Even if noone else can
read it, you could now create fake mail for the original person.
Or you could put a non-writable file there to prevent the person
from ever receiving mail.