[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Another minor security query...

   Date: Thu, 7 Apr 94 01:41 PDT
   From: iwj10@cus.cam.ac.uk (Ian Jackson)

   A world-writeable mail spool is a security hole: at the very least it
   allows users to arrange to receive others' mail. [*]

   Any programs that need to access the mail spool (for example, to
   create lockfiles) have to be made setgid to group mail, obviously
   after checking that they take appropriate security precautions.

Hmm.  Try as I might, I could not get Emacs movemail to work with a
root.mail, 2775 /var/spool/mail, even when it (movemail) was setgid
mail.  I believe others had the same problem.  Did I miss a binary

Ian Murdock <imurdock@gnu.ai.mit.edu>

Reply to: