
Re: Netscape Mail & /var/spool/mail permissions



I see the problem now - thanks.

I'm not on the developers' list, so I'll miss any responses that aren't
cc'd.

I believe procmail, when configured as the "Mlocal" delivery agent, will
handle improperly owned files at delivery time.  I don't recall if it
renames the prior file, or chowns it - but things end up working out
nicely.

We use procmail as the local delivery agent on all the mail hubs we set
up these days (sun, sgi, dec).  It's been working nicely.

Nice side effect: users don't need gibberish in their .forward's to use
.procmailrc's, if you set procmail up as the local delivery agent.

Brian C. White wrote:
> 
> > > Second, do _not_ change the permissions of /var/spool/mail.  The permissions
> > > that Netscape suggests introduce a small security hole where one user could
> > > potentially gain complete access to another's mail.  (It's small, but true.)
> > > The permissions in the Debian system are correct.
> >
> > What is the nature of this hole?
> 
> The problem happens like this...
> 
>  - root adds world write permissions to /var/spool/mail
>  - cracker creates file /var/spool/mail/fred with public read/write
>  - new user "fred" is created
>  - cracker and fred (and rest of the world) can read/write fred's mail.
> 
> Networks and NIS could create users on machines where the user doesn't
> actually have a home directory, but to which mail could be specifically
> directed, thus giving the hacker a free and largely untraceable mail
> account.
> 
> There is the additional problem that anyone could also create all
> the files and directories they want under /var/spool/mail.
> 
> > I've run into *ix variants that don't need 1777 mail spools before, but
> > I've never heard of it being a security hole to make their spool 1777.
> >
> > Debian uses sendmail V8, no?  Is it using an oddball delivery agent or
> > something?
> 
> This would affect all systems as far as I can tell.
> 
>                                         Brian
>                                ( bcwhite@verisim.com )
> 
> -------------------------------------------------------------------------------
>     In theory, theory and practice are the same.  In practice, they're not.
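An added example, not part of this thread and not Debian's, sendmail's or procmail's own code: a small POSIX shell audit that checks a spool directory for the conditions Brian lists above. It flags a world-writable spool directory, a mailbox whose name matches no account (the pre-created "fred" file), a mailbox not owned by the user it is named for, a mailbox that gives "other" any access, and stray subdirectories. The user name "fred", the stray directory name "evil.d", the temporary demonstration spool it builds and the finding labels are my own constructions; the script assumes GNU stat -c or BSD stat -f, and auditing a real /var/spool/mail needs root to read the directory.

```sh
#!/bin/sh
# Added example (not from the thread): audit a mail spool directory for the
# conditions described above. It reports
#   SPOOL-WORLD-WRITABLE  the spool directory lets "other" create files
#   NO-SUCH-USER          a mailbox exists for a name that has no account
#                         (the pre-created /var/spool/mail/fred case)
#   OWNER-MISMATCH        a mailbox is not owned by the user it is named for
#   MAILBOX-EXPOSED       a mailbox grants "other" any access
#   STRAY-DIRECTORY       a subdirectory inside the spool
# audit_spool prints one line per finding and returns 1 if it found any.
# Assumes GNU stat (-c) or BSD stat (-f); run as root to read a real spool.

file_uid()  { stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"; }
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# An octal mode whose last digit has the write bit set (2,3,6,7) is world-writable.
other_writable()   { case "$1" in *[2367]) return 0 ;; *) return 1 ;; esac; }
# Any non-zero last digit gives "other" read, write or execute.
other_has_access() { case "$1" in *0) return 1 ;; *) return 0 ;; esac; }

audit_spool() {
    dir=$1
    problems=0
    dmode=$(file_mode "$dir")
    if other_writable "$dmode"; then
        echo "SPOOL-WORLD-WRITABLE $dir mode=$dmode"
        problems=$((problems + 1))
    fi
    for entry in "$dir"/* "$dir"/.[!.]*; do
        [ -e "$entry" ] || continue          # glob matched nothing
        name=${entry##*/}
        if [ -d "$entry" ]; then
            echo "STRAY-DIRECTORY $entry"
            problems=$((problems + 1))
            continue
        fi
        actual=$(file_uid "$entry")
        # id -u fails (empty result) when no account has this name
        expected=$(id -u "$name" 2>/dev/null) || expected=
        if [ -z "$expected" ]; then
            echo "NO-SUCH-USER $entry uid=$actual"
            problems=$((problems + 1))
        elif [ "$expected" != "$actual" ]; then
            echo "OWNER-MISMATCH $entry uid=$actual expected=$expected"
            problems=$((problems + 1))
        fi
        fmode=$(file_mode "$entry")
        if other_has_access "$fmode"; then
            echo "MAILBOX-EXPOSED $entry mode=$fmode"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed demonstration spool in a temp dir (not a real /var/spool/mail):
# one correct mailbox for the current user, a pre-created mode 666 "fred"
# mailbox as in the thread, a stray directory, and the spool itself at 1777.
build_demo_spool() {
    d=$(mktemp -d)
    me=$(id -un)
    : > "$d/$me";  chmod 600 "$d/$me"
    : > "$d/fred"; chmod 666 "$d/fred"
    mkdir "$d/evil.d"
    chmod 1777 "$d"
    echo "$d"
}

demo=$(build_demo_spool)
audit_spool "$demo" || echo "spool $demo needs attention"
rm -rf "$demo"
```

On the demonstration spool the audit reports the 1777 directory, the "fred" mailbox twice (no such account, and mode 666), and the stray directory, while the current user's 600 mailbox passes; on a correctly set up spool it prints nothing and returns 0, so it can sit in a cron job or a monitoring check.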