From: torvalds@klaava.Helsinki.FI (Linus Torvalds)
Subject: Re: Any mail or fakemail available for linux ?
Date: 17 Oct 1992 21:52:24 GMT

In article <147770002@hplsla.hp.com> ericb@hplsla.hp.com (Eric Backus) writes:
>
>I don't know the details of what the sticky bit does to a directory on
>a SPARCserver. However, this still appears to be a security hole.
>Here's what you could try to do:
>
> Move someone's mailbox to a different name. Even if no one else can
> read it, you could now create fake mail for the original person.
> Or you could put a non-writable file there to prevent the person
> from ever receiving mail.
With the sticky bit set, you cannot even move the mailbox, so this is
not a problem. Although old versions of linux actually return the wrong
error-value for this (ENOENT instead of EPERM), it has been enforced
since about 0.96c, when somebody pointed this out to me. And 0.98.2
will correct even the error-return (thanks to this thread: I don't think
I had actually tested it out before now :-)
Linus
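
Added example, not part of the original post: a Python sketch of the sticky-bit rule discussed in this thread, together with a check for a world-writable spool directory that lacks the bit. The function names, the temporary directory and the "alice" mailbox are constructed for illustration, and the permission model is simplified to owner and "other" bits (no groups, ACLs or capabilities).

```python
import errno
import os
import shutil
import stat
import tempfile


def rename_result(dirpath, name, uid):
    """Return 0 if `uid` could rename or unlink dirpath/name, else the errno."""
    d = os.stat(dirpath)
    f = os.lstat(os.path.join(dirpath, name))
    if uid == 0:
        return 0  # root is not restricted
    # Renaming or removing an entry needs write and search on the directory.
    if uid == d.st_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    if d.st_mode & need != need:
        return errno.EACCES
    # Sticky bit: only the file's owner or the directory's owner may proceed.
    if d.st_mode & stat.S_ISVTX and uid not in (d.st_uid, f.st_uid):
        return errno.EPERM
    return 0


def unprotected_spool(dirpath):
    """True if the directory is world-writable and has no sticky bit."""
    mode = os.stat(dirpath).st_mode
    return bool(mode & stat.S_IWOTH) and not mode & stat.S_ISVTX


def demo():
    """Evaluate both checks on a constructed spool, without and with the bit."""
    spool = tempfile.mkdtemp()
    try:
        open(os.path.join(spool, "alice"), "w").close()  # constructed mailbox
        other = os.stat(spool).st_uid + 1  # a uid owning neither dir nor file
        results = {}
        for mode in (0o777, 0o1777):
            os.chmod(spool, mode)
            results[mode] = (unprotected_spool(spool),
                             rename_result(spool, "alice", other))
        return results
    finally:
        shutil.rmtree(spool)


if __name__ == "__main__":
    for mode, (flagged, err) in demo().items():
        print(oct(mode), "unprotected" if flagged else "ok",
              errno.errorcode.get(err, "allowed"))
```

Running `unprotected_spool` over the real mail spool directory on a system shows whether the move described in the quoted text would be refused there.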