
Re: should /var/spool/mail/ have a the sticky bit set? ...



In article <20010330145235.Z909@plato.local.lan>,
Ethan Benson  <erbenson@alaska.net> wrote:
>the problem is you updated to the mailx package in
>security.debian.org, the old one had a security hole that allowed
>users to get gid=mail.  since mailx's code is a pile of crap as far as
>security is concerned debian (and some other distros) just said hell
>with it and removed the setgid bit altogether.  this means mail can
>only be used to send mail and not read it (well you can read it, but
>not delete or write the mailbox in any way) 

I'm not quite sure if this is correct, but if it is, mailx
should be converted to use liblockfile .. it solves the
problem nicely.

Mike.


