[351] in linux-security and linux-alert archive


Re: elm and /tmp/mbox.*

daemon@ATHENA.MIT.EDU (Joshua Cowan)
Wed Sep 6 04:30:46 1995

Resent-From: Jeff Uphoff <juphoff@tarsier.cv.nrao.edu>
Resent-To: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.91.950905071155.23069D-100000@hobbiton>
From: Joshua Cowan <jcowan@jcowan.reslife.okstate.edu>
To: owner-linux-security@tarsier.cv.nrao.edu
Cc: "Dragisa N. Duric" <dragisha@hobbiton.ho.com>
Date: Wed, 6 Sep 1995 02:19:54 -0500

[Mod: Please send all submissions to this list to the "linux-security@"
address--not to the "owner-linux-security@" address (which is the
Sender: address for outgoing posts, primarily for catching bounces and
the like).  Sending to the "owner-" address forces me to resend the
message to the proper address to initiate the approval mechanism and to
preserve the From:, Message-Id:, etc., headers.  Thanks!  --Jeff.]

>>>>> "Dragisa" == Dragisa N Duric <dragisha@hobbiton.ho.com> writes:

    Dragisa> On 4 Sep 1995, Panzer Boy wrote:

    >> Why oh why is ELM SUID root?

    Dragisa>   It is error. u-s.

If, in fact, it is suid root, it is most definitely an error.  Perhaps
it is an older version of elm, in which case you will probably want to
make sure that `arepdaemon' isn't still on the system (I think CERT
issued a warning about this; in any case it is a big security hole).

    >> What does it do that requires root access?  It's SGID MAIL over
    >> here, and I have no complaints, and I'm trying to figure out
    >> why it's even that.

    Dragisa>   It is SGID mail because ELM needs write access to
    Dragisa> /var/spool/mail for locking purposes.

    >> [mod: The obvious alternative would be to have the mail drop
    >> directory mode 1777... Dunno how sendmail and smail react to
    >> forwarding statements in mailboxes not owned by the proper user
    >> --okir]

    Dragisa>   If I understand this correctly, there are some security
    Dragisa> holes with this approach. I don't know current mailer's
    Dragisa> behavior, but one of possible problems is in fact that
    Dragisa> everyone can create any nonexistent file in mail drop
    Dragisa> directory. For example, link to someone's .rhosts or
    Dragisa> something like..  -- dragisha

I have the users' mail delivered to their respective home directories.
This means that I neither have to make the mail spool directory world
writable nor do I have to make any MUAs setgid mail (or mmdf).

My MTA is Sendmail 8.7 using procmail as the local mailer program.  I
had to modify Pine to look in the user's home directory for the
default INBOX, since it apparently doesn't use the ``MAIL''
environment variable (elm and emacs (VM) do) --- there may be an
easier way, but not that I know of (I don't care for Pine,
personally).  I also modified the POP server accordingly.

If enough people are interested, I can make snapshots of
elm-2.4pl24me7a (patched to use ~/mbox.$USER, other little
enhancements), mh-6.8.3 (I didn't build shared libs; at least one util
is broken), pine3.91, qpopper-2.1.3 (_lots_ of enhancements & fixes (?)
over version on SunSITE), and procmail-3.11pre3 sources available,
perhaps as diffs against clean source trees.  I can't make Sendmail
8.7 available, but it can be retrieved from
ftp://ftp.cs.berkeley.edu/ucb/src/sendmail/.prerelease.  I _can_ make
my `sendmail.cf' available, or the m4 sources.  All of these were
built on an ELF (5.2.x) system.

I think this is a good solution to the problem of how to handle local
mail delivery, but please poke holes in it.  ;-)

--
Joshua Cowan <jcowan@hermit.reslife.okstate.edu> __| I don't want to listen
http://hermit.reslife.okstate.edu/~jcowan       | but it's all too clear...
Computer Engineering Student -- Oklahoma State University -- Stillwater, OK
PGP key available from any PGP keyserver or by fingering the above address.
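
[Added example, not part of the original message or of any project named in it: a shell audit of the three conditions raised in this thread, namely a setuid/setgid mail client, a world-writable mail drop directory, and spool entries that are symlinks or not owned by the user they are named after. The default paths /usr/bin/elm and /var/spool/mail are assumptions; pass local paths as arguments.]

```shell
#!/bin/sh
# Added example: audit the permissions discussed in this thread.
# Default paths below are assumptions; pass your own as $1 (MUA) and $2 (spool).

# Print "setuid", "setgid", "setuid+setgid", "plain" or "missing" for a binary.
mua_priv() {
    [ -f "$1" ] || { echo "missing"; return 0; }
    r=""
    [ -u "$1" ] && r="setuid"
    [ -g "$1" ] && r="${r:+$r+}setgid"
    echo "${r:-plain}"
}

# Print how open a mail drop directory is.
spool_mode() {
    [ -d "$1" ] || { echo "missing"; return 0; }
    if [ -z "$(find "$1" -prune -perm -0002)" ]; then
        echo "restricted"
    elif [ -n "$(find "$1" -prune -perm -1000)" ]; then
        echo "world-writable+sticky"
    else
        echo "world-writable"
    fi
}

# Flag spool entries that are symlinks, non-regular files, or not owned by
# the user they are named after.
spool_suspects() {
    for p in "$1"/*; do
        [ -e "$p" ] || [ -L "$p" ] || continue
        name=${p##*/}
        if [ -L "$p" ]; then
            echo "symlink:$name"
        elif [ ! -f "$p" ]; then
            echo "not-regular:$name"
        else
            owner=$(ls -ld "$p" | awk '{print $3}')
            [ "$owner" = "$name" ] || echo "owner-mismatch:$name"
        fi
    done
}

mua=${1:-/usr/bin/elm}
spool=${2:-/var/spool/mail}
echo "MUA $mua: $(mua_priv "$mua")"
echo "spool $spool: $(spool_mode "$spool")"
spool_suspects "$spool"
if command -v arepdaemon >/dev/null 2>&1; then echo "arepdaemon found on PATH"; fi
```

[Lock files that a mailer leaves in the spool will also show up as owner-mismatch entries and can be ignored once identified.]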

