Re: mh security

To: Jason Killen <jkillen@tinuviel.cs.wcu.edu>
Cc: debian-user@lists.debian.org
Subject: Re: mh security
From: Roderick Schertler <roderick@argon.org>
Date: 25 Apr 1997 22:00:02 -0400
Message-id: <[🔎] pz3esezgpp.fsf@eeyore.ibcinc.com>
References: <[🔎] 199704240441.AAA16069@tinuviel.cs.wcu.edu>

On Thu, 24 Apr 1997 00:41:10 -0400, Jason Killen <jkillen@tinuviel.cs.wcu.edu> said:
> 
> [...] I changed inc and msgchk to rwxr-xr-x (instead of rwxr-sr-x).
> Does anyone know if what I did could create any problems??

Yes, it will prevent MH users from reading new mail.

> Did I fix any problems???

No known problems.

> It seems to me that as long as I own my /var/spool/mail file inc and
> msgchk don't need to be suid.

Not so, the system uses .lock files for locking.  inc needs to be setgid
mail so it can create the /var/spool/mail/foo.lock file.

-- 
Roderick Schertler
roderick@argon.org


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

References:
- mh security
  - From: Jason Killen <jkillen@tinuviel.cs.wcu.edu>

Prev by Date: Re: Debian PPP win95
Next by Date: Re: LILO (DOH!!) J.B. does it again.
Previous by thread: mh security
Next by thread: Problem with cdwrite, Help needed bad
Index(es):
- Date
- Thread