From: zmbenhal@netcom.com (Zeyd M. Ben-Halim)
Subject: Re: Any mail or fakemail available for linux ?
Date: Sun, 18 Oct 1992 00:06:48 GMT

In article <147770002@hplsla.hp.com> ericb@hplsla.hp.com (Eric Backus) writes:
>Todd Radel writes:
>>erc@unislc.uucp (Ed Carp) writes:
>>>Steve M. Robbins (steve@Nyongwa.CAM.ORG) wrote:
>>>
>>>: As I recall, the important things were:
>>>: - elm is a regular program NOT setgid
>>>: - /usr/spool/mail has permissions 1777 (global read/write with the sticky bit)
>>>: - the mailboxes in /usr/spool/mail have permissions 600 (rw for owner only)
>>>
>>>Excuse me? Isn't this a security hole to have a directory world writeable?
>>>I thought the sticky bit was just for deletion of files.
>>
>>The /var/spool/mail directory on our SPARCserver clusters is also 1777.
>>It's not much of a security hole as long as a mailbox exists for each
>>user that is at least length 0 and is chmod'ed 600.
>>
>>Assuming the above holds true, nobody can delete, read, or write to other
>>people's mailboxes. All you could do is create a new file in the directory,
>>which doesn't seem to be very harmful...
>
>I don't know the details of what the sticky bit does to a directory on
>a SPARCserver. However, this still appears to be a security hole.
>Here's what you could try to do:
>
> Move someone's mailbox to a different name. Even if no one else can
  ^^^^
You can't do that! The sticky bit prevents you from writing to any file that
does not give explicit write permission. Writing includes deleting a file.
Since all mailboxes should be 0600 then no one can read, write, or delete any
of them.
> read it, you could now create fake mail for the original person.
> Or you could put a non-writable file there to prevent the person
> from ever receiving mail.
>--
> Eric Backus
> ericb@hplsla.hp.com
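
The conditions this thread relies on (a spool directory with the sticky bit set, every mailbox mode 600 and owned by the user it is named after) can be checked mechanically. The following audit is an added example, not code from any poster; the function names are hypothetical, it assumes each mailbox file is named after its owner's login, and the spool it builds in a temporary directory is constructed sample data.

```python
import os
import pwd
import stat
import tempfile


def owner_name(uid):
    """Return the login name for uid, or the numeric uid if it has no passwd entry."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def audit_spool(spool):
    """Return a list of (path, problem) tuples for a mail spool directory."""
    findings = []
    mode = stat.S_IMODE(os.lstat(spool).st_mode)
    # World-writable and no sticky bit: entries are not protected from other users.
    if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
        findings.append((spool, "world-writable without sticky bit"))
    for name in sorted(os.listdir(spool)):
        path = os.path.join(spool, name)
        st = os.lstat(path)  # lstat: do not follow a symlink placed in the spool
        if not stat.S_ISREG(st.st_mode):
            findings.append((path, "not a regular file"))
            continue
        if stat.S_IMODE(st.st_mode) != 0o600:
            findings.append((path, "mode is not 0600"))
        # Any user can create an unused name in a 1777 spool, so check ownership.
        if owner_name(st.st_uid) != name:
            findings.append((path, "owner does not match mailbox name"))
    return findings


def demo():
    """Build a constructed spool in a temp dir and audit it."""
    me = owner_name(os.getuid())
    with tempfile.TemporaryDirectory() as spool:
        os.chmod(spool, 0o1777)
        for name, perm in ((me, 0o600), ("constructed_user", 0o600)):
            path = os.path.join(spool, name)
            open(path, "w").close()
            os.chmod(path, perm)
        return [(os.path.basename(p), why) for p, why in audit_spool(spool)]


if __name__ == "__main__":
    print(demo())
```

Run against a real spool with `audit_spool("/usr/spool/mail")`; an empty list means every condition above holds.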