[348] in linux-security and linux-alert archive
Re: elm and /tmp/mbox.*
daemon@ATHENA.MIT.EDU (Dragisa N. Duric)
Tue Sep 5 15:24:16 1995
Date: Tue, 5 Sep 1995 07:20:52 +0200 (MET DST)
From: "Dragisa N. Duric" <dragisha@hobbiton.ho.com>
To: Panzer Boy <panzer@dhp.com>
cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <42fc0u$vol@dhp.com>
On 4 Sep 1995, Panzer Boy wrote:
> Why oh why is ELM SUID root?
It is error. u-s.
> What does it do that requires root access? It's SGID MAIL over here, and
> I have no complaints, and I'm trying to figure out why it's even that.
It is SGID mail because ELM needs write access to /var/spool/mail for
locking purposes.
> [mod: The obvious alternative would be to have the mail drop directory
> mode 1777... Dunno how sendmail and smail react to forwarding
> statements in mailboxes not owned by the proper user --okir]
If i understand this correctly, there are some security holes with this
approach. I don't know current mailer's behavior, but one of possible
problems is in fact that everyone can create any nonexistent file in mail
drop directory. For example, link to someones .rhosts or something
like..
--
dragisha
