On Fri, Mar 30, 2001 at 12:55:21PM -0500, Richard A Nelson wrote: > > ls -l /var/spool/mail > > drwxrwsr-x 2 root mail 4096 Mar 30 11:13 ./ > > afaict, the sticky bit doesn't buy anything with g=w,o!=w directory yes it does, the sticky bit doesn't have any relation to world writability, other then world writable directories are almost never without the sticky bit. [eb@socrates /tmp]$ ls -ld test/ drwxrwxr-t 2 root users 1024 Mar 30 14:54 test/ [eb@socrates /tmp]$ cd test/ [eb@socrates test]$ ls -l total 0 -rw-r--r-- 1 root root 0 Mar 30 14:55 rootsfile [eb@socrates test]$ rm -f rootsfile rm: cannot unlink `rootsfile': Operation not permitted [eb@socrates test]$ touch mefile [eb@socrates test]$ ls -l total 0 -rw-r----- 1 eb eb 0 Mar 30 14:55 mefile -rw-r--r-- 1 root root 0 Mar 30 14:55 rootsfile [eb@socrates test]$ rm -f mefile [eb@socrates test]$ the reason /var/mail should be sticky is there are only a bazillion setgid mail programs many of them i have no doubt were not written securely (mailx sure wasn't). so assuming that users' can't appropriate gid=mail is not a good idea. for example, anyone install the pine-src and then create pine .debs? notice its setgid mail? try something like this: $ export HOME=`perl -e 'print "x" x 100000'` ## maybe 10000 but i doubt it matters $ pine and watch it segfault. -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgp7p195xreS9.pgp
Description: PGP signature