non-superuser chown(2)s considered harmful
Dan Bernstein
brnstnd at kramden.acf.nyu.edu
Mon Dec 17 09:22:48 AEST 1990
In article <2803 at cirrusl.UUCP> dhesi%cirrusl at oliveb.ATC.olivetti.com (Rahul Dhesi) writes:
> In <1990Dec13.192712.25225 at cbnewsk.att.com> hansen at pegasus.att.com
> (Tony L. Hansen) writes:
> >...the numerous security problems in BSD mail
> >through the years (using setuid-root, world-writable mail area, or various
> >other schemes)
> Is there a security problem if the mail spool directory is world-
> writable but its sticky bit is set?
Yes. On some systems, for instance, you can keep someone from reading
mail by touching /usr/spool/mail/victim.lock. On others you can create
mailboxes for new users.
---Dan
More information about the Comp.unix.internals
mailing list