Nasty Security Hole?
M.R.Murphy
mrm at sceard.UUCP
Fri Nov 11 06:43:16 AEST 1988
In article <14466 at mimsy.UUCP> chris at mimsy.UUCP (Chris Torek) writes:
|In article <175 at ernie.NECAM.COM> peter at ernie.NECAM.COM (Peter DiPrete) writes:
|>... the mail directory has liberal permissions. I even tried various
|>combinations of set{gu}id and sticky bits on the directory.
|
|The sticky bit on the directory is intended to fix that. Alas, it is
|broken in the NFS implementations you mentioned. You could try setting
|the spool directory to r-xr-xr-x, then make sure that two things still
|work: the first mail message to a user who has no spooled mail, and
|deleting all messages from spooled mail.

Note the ownerships, stickies, and permissions.

drwxrwxr-x   2 root     mail         256 Nov 10 10:21 /usr/mail
-rwxr-sr-x   1 bin      mail       25066 Oct 26  1985 /bin/lmail
-rwxr-sr-x   1 bin      mail       15000 Feb 17  1988 /bin/mail
-rwxr-sr-x   2 bin      mail       42292 Feb 17  1988 /bin/rmail
-rwxr-sr-x   2 bin      mail       42292 Feb 17  1988 /bin/smail
-rwxr-sr-x   1 bin      mail       99306 Oct 27  1985 /usr/bin/mailx

Happens to be smail2.5, but the principles are the same with other
mailers.
--
Mike Murphy Sceard Systems, Inc. 544 South Pacific St. San Marcos, CA 92069
UUCP: {nosc,ucsd}!sceard!mrm INTERNET: mrm%sceard.UUCP at ucsd.ucsd.edu
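
An added example, not part of the original post: a shell check that reads `ls -ld` output and confirms the arrangement the listing above shows, a spool directory writable by its group but not by others, and mail programs setgid to that same group. The function name `check_mail_listing` is hypothetical and the second listing is constructed for contrast.

```shell
#!/bin/sh
# Added example. check_mail_listing is a hypothetical helper name.
# stdin: `ls -ld` lines, the spool directory first, then the mail programs.
# Prints one FAIL line per finding; exit status is 0 when there are none.
# Assumes path names without spaces (the name is taken as the last field).
# Live use (ls sorts its arguments, so list the directory separately):
#   { ls -ld /usr/mail; ls -ld /bin/mail /bin/rmail; } | check_mail_listing
check_mail_listing() {
    awk '
    NR == 1 {                       # the spool directory
        dir = $NF; grp = $4
        if (substr($1, 1, 1) != "d") { print "FAIL " dir ": not a directory"; bad = 1 }
        if (substr($1, 6, 1) != "w") { print "FAIL " dir ": group " grp " cannot write"; bad = 1 }
        if (substr($1, 9, 1) == "w") { print "FAIL " dir ": world-writable"; bad = 1 }
        next
    }
    {                               # a mail program; "S" (setgid, no group x) is flagged too
        if (substr($1, 7, 1) != "s") { print "FAIL " $NF ": not setgid-executable"; bad = 1 }
        else if ($4 != grp)          { print "FAIL " $NF ": setgid " $4 ", spool group is " grp; bad = 1 }
        if (substr($1, 9, 1) == "w") { print "FAIL " $NF ": world-writable"; bad = 1 }
    }
    END { exit bad + 0 }
    '
}

# The listing from the post.
PAGE_LISTING='drwxrwxr-x 2 root mail 256 Nov 10 10:21 /usr/mail
-rwxr-sr-x 1 bin mail 25066 Oct 26 1985 /bin/lmail
-rwxr-sr-x 1 bin mail 15000 Feb 17 1988 /bin/mail
-rwxr-sr-x 2 bin mail 42292 Feb 17 1988 /bin/rmail
-rwxr-sr-x 2 bin mail 42292 Feb 17 1988 /bin/smail
-rwxr-sr-x 1 bin mail 99306 Oct 27 1985 /usr/bin/mailx'

# Constructed listing with three deviations: a world-writable spool,
# a mailer without setgid, and a mailer setgid to a different group.
BAD_LISTING='drwxrwxrwx 2 root mail 256 Nov 10 10:21 /usr/mail
-rwxr-xr-x 1 bin mail 15000 Feb 17 1988 /bin/mail
-rwxr-sr-x 1 bin bin 42292 Feb 17 1988 /bin/rmail'

printf '%s\n' "$PAGE_LISTING" | check_mail_listing && echo "post listing: consistent"
printf '%s\n' "$BAD_LISTING" | check_mail_listing || echo "constructed listing: see findings"
```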