Another minor security query...
Date: Thu, 7 Apr 94 01:41 PDT
From: iwj10@cus.cam.ac.uk (Ian Jackson)
A world-writeable mail spool is a security hole: at the very least it
allows users to arrange to receive others' mail. [*]
Any programs that need to access the mail spool (for example, to
create lockfiles) have to be made setgid to group mail, obviously
after checking that they take appropriate security precautions.
Hmm. Try as I might, I could not get Emacs movemail to work with a
root.mail, 2775 /var/spool/mail, even when it (movemail) was setgid
mail. I believe others had the same problem. Did I miss a binary
somewhere?
Ian Murdock <imurdock@gnu.ai.mit.edu>
Reply to: