Re: A few questions for everyone



Brandon Allbery writes:
>In your message of Sun, 13 Feb 1994 11:53:00 PST, [Ian Murdock writes]:
>| What was the solution for the Emacs RMAIL permission problem?  I've
>| been playing around with it and I can't get it to work.
>+------------->8
>
>/var/spool/mail should be mode 1777 root.mail.  (Note the sticky bit.)  This 
>is the recommended permission for RMAIL (or at least it was in Emacs 18) to 
>work.

This is false.  /var/spool/mail should be 2775 (or perhaps 0775) and
group owner mail.  Anything that needs to access (lock) mailboxes
needs to be sgid mail.

If people don't believe me I can produce an example intrusion (that
I've tested and found to work) based on a world-writeable
/var/spool/mail.

The problem with Emacs RMAIL sounds like movemail not being sgid.  You
should check that the version of movemail you have does do appropriate
checks (some very early versions didn't), and if so install it sgid to
mail.

The same goes for elm and mailx.  I don't know whether mh
(specifically, I think that only the 'inc' command needs to be sgid)
is sufficiently secure.  If not it should be made so.

Ian.
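
Added example (not part of the original message): a POSIX sh audit of the layout recommended above, which flags a world-writable spool directory and checks that a mail program is setgid to the spool's group. The function names are hypothetical and the group defaults to `mail`, as in the message.

```shell
#!/bin/sh
# Added example: audit a mail spool against the modes given in the message.
# Function names are hypothetical; the group defaults to "mail".

# has_perm PATH MODE: true if every bit in octal MODE is set on PATH
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" -print 2>/dev/null)" ]
}

# in_group PATH GROUP: true if PATH is group-owned by GROUP
in_group() {
    [ -n "$(find "$1" -prune -group "$2" -print 2>/dev/null)" ]
}

# audit_spool DIR [GROUP]: returns 0 only if DIR is group-writable by GROUP
# and not world-writable (mode 2775 or 0775, never 1777).
audit_spool() {
    dir=$1 grp=${2:-mail} rc=0
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 2; }
    if has_perm "$dir" 0002; then
        echo "FAIL $dir: world-writable"; rc=1
    fi
    in_group "$dir" "$grp" || { echo "FAIL $dir: group owner is not $grp"; rc=1; }
    has_perm "$dir" 0070 || { echo "FAIL $dir: group $grp lacks rwx"; rc=1; }
    has_perm "$dir" 2000 || echo "NOTE $dir: setgid bit not set (0775 rather than 2775)"
    [ "$rc" -eq 0 ] && echo "OK   $dir"
    return "$rc"
}

# audit_sgid FILE [GROUP]: returns 0 only if FILE is a regular file that is
# setgid and group-owned by GROUP (what movemail, elm, mailx need to lock mailboxes).
audit_sgid() {
    f=$1 grp=${2:-mail}
    if [ -f "$f" ] && has_perm "$f" 2000 && in_group "$f" "$grp"; then
        echo "OK   $f: sgid $grp"; return 0
    fi
    echo "FAIL $f: not sgid $grp"; return 1
}

# Typical use (run after sourcing this file):
#   audit_spool /var/spool/mail
#   audit_sgid /path/to/movemail
```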