[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: A few questions for everyone

Brandon Allbery writes:
>In your message of Sun, 13 Feb 1994 11:53:00 PST, [Ian Murdock writes]:
>| What was the solution for the Emacs RMAIL permission problem?  I've
>| been playing around with it and I can't get it to work.
>/var/spool/mail should be mode 1777 root.mail.  (Note the sticky bit.)  This 
>is the recommended permission for RMAIL (or at least it was in Emacs 18) to 

This is false.  /var/spool/mail should be 2775 (or perhaps 0775) and
group owner mail.  Anything that needs to access (lock) mailboxes
needs to be sgid mail.

If people don't believe me I can produce an example intrusion (that
I've tested and found to work) based on a world-writeable

The problem with Emacs RMAIL sounds like movemail not being sgid.  You
should check that the version of movemail you have does do appropriate
checks (some very early versions didn't), and if so install it sgid to

The same goes for elm and mailx.  I don't know whether mh
(specifically, I think that only the 'inc' command needs to be sgid)
is sufficiently secure.  If not it should be made so.


Reply to: