non-superuser chown(2)s considered harmful

Tony L. Hansen hansen at pegasus.att.com
Fri Dec 14 06:27:12 AEST 1990


< Les Mikesell les at chinet.chi.il.us
< Are you talking about the same SysV /bin/mail that I have (AT&T SysVr3)
< that uses the environment variable LOGNAME to decide who you are and
< allows you to forward your mail with the command:  mail -F new_address
< If you are, try:
< MAIL=/usr/mail/you LOGNAME=you mail -F me
<   (replace "you" with someone else on the system who happens to have an
<    empty mailbox, and "me" with your login name) 
< Then tell me if you would still describe the system as secure.

Yes, that bug was once there, but has been since squashed in SVr4 mail.
Compare the small number of security problems in Sys V mail through the years
(always using setgid+chown) with the numerous security problems in BSD mail
through the years (using setuid-root, world-writable mail area, or various
other schemes). I'll take the setgid+chown any day.

					Tony Hansen
				att!pegasus!hansen, attmail!tony
				    hansen at pegasus.att.com
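
The LOGNAME problem described in the quoted message comes down to taking identity from the caller's environment instead of from the real uid the kernel recorded for the process. The C sketch below is an added example, not code from this post or from any AT&T mail source; the function names are hypothetical.

```c
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* 'Before': identity as claimed by the environment; any user can set it. */
const char *claimed_identity(void)
{
    return getenv("LOGNAME");
}

/* 'After': identity from the real uid. In a setgid program getuid() is
 * still the invoking user. Returns 0 and fills buf, or -1 when the uid
 * has no passwd entry or the name does not fit. */
int real_identity(char *buf, size_t len)
{
    struct passwd *pw = getpwuid(getuid());
    if (pw == NULL || strlen(pw->pw_name) >= len)
        return -1;
    strcpy(buf, pw->pw_name);
    return 0;
}

/* 1: claimed name differs from the real user (refuse and log it),
 * 0: consistent or no claim, -1: real user cannot be resolved. */
int claim_is_spoofed(const char *claimed)
{
    char real[256];
    if (real_identity(real, sizeof real) != 0)
        return -1;
    return (claimed != NULL && strcmp(claimed, real) != 0) ? 1 : 0;
}

int main(void)
{
    char real[256];
    const char *claimed = claimed_identity();
    if (real_identity(real, sizeof real) != 0) {
        fprintf(stderr, "uid %ld has no passwd entry; refusing\n", (long)getuid());
        return 1;
    }
    printf("LOGNAME=%s real=%s spoofed=%d\n",
           claimed ? claimed : "(unset)", real, claim_is_spoofed(claimed));
    return 0;
}
```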


