[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: should /var/spool/mail/ have a the sticky bit set? ...

In article <20010330145235.Z909@plato.local.lan>,
Ethan Benson  <erbenson@alaska.net> wrote:
>the problem is you updated to the mailx package in
>security.debian.org, the old one had a security hole that allowed
>users to get gid=mail.  since mailx's code is a pile of crap as far as
>security is concerned debian (and some other distros) just said hell
>with it and removed the setgid bit altogether.  this means mail can
>only be used to send mail and not read it (well you can read it, but
>not delete or write the mailbox in any way) 

I'm not quite sure if this is correct, but if it is, mailx
should be converted to use liblockfile .. it solves the
problem nicely.


Reply to: