non-superuser chown(2)s considered harmful

Greg A. Woods woods at eci386.uucp
Sat Dec 15 04:10:22 AEST 1990


In article <1990Dec11.203632.7402 at chinet.chi.il.us> les at chinet.chi.il.us (Leslie Mikesell) writes:
> In article <1990Dec11.005644.20688 at cbnewsk.att.com> hansen at pegasus.att.com (Tony L. Hansen) writes:
> >The mail(1) command uses chown(2) and set-gid to give a secure mail system. I
> >feel that other methods are fraught with potential security holes.
>
> Are you talking about the same SysV /bin/mail that I have (AT&T SysVr3)
> that uses the environment variable LOGNAME to decide who you are
> and allows you to forward your mail with the command:
> mail -F new_address
>
> If you are, try:
> MAIL=/usr/mail/you LOGNAME=you mail -F me
>   (replace "you" with someone else on the system who happens to have an
>    empty mailbox, and "me" with your login name) 
> 
> Then tell me if you would still describe the system as secure.

$ uname -a
eci386 eci386 1.0.6 1 80386
$ # [That's 386/ix, an AT&T System V Release 3.0 derivative]
$ ls -l /usr/mail/chris
-rw-rw----   1 chris    mail           0 Nov  4 12:59 /usr/mail/chris
$ # [binmail is the real mail, mail is svbinmail from smail-2.5]
$ ls -l /bin/binmail
-rwxr-sr-x   2 bin      mail       49208 Jun  2  1988 /bin/binmail
$ what /bin/binmail
/bin/binmail:
	 cb:mail  386/ix Version 1.0.6
$ MAIL=/usr/mail/chris LOGNAME=chris /bin/binmail -F woods
binmail: Invalid permissions
binmail: Cannot install/remove forwarding without empty mailfile
$ ls -l /usr/mail/chris
-rw-rw----   1 chris    mail           0 Nov  4 12:59 /usr/mail/chris
$ ls -l /usr/mail/root
-rw-rw----   1 root     mail       27820 Dec 12 05:18 /usr/mail/root
$ MAIL=/usr/mail/root LOGNAME=root /bin/binmail -F woods
binmail: Invalid permissions
binmail: Cannot install/remove forwarding without empty mailfile
$ 

Hmm... Yup, it seems secure to me!  Doesn't mean non-superuser chown
is OK, but IMHO it *is* not only OK, but useful!
-- 
							Greg A. Woods
woods@{eci386,gate,robohack,ontmoh,tmsoft}.UUCP		ECI and UniForum Canada
+1-416-443-1734 [h]  +1-416-595-5425 [w]  VE3TCP	Toronto, Ontario CANADA
Political speech and writing are largely the defense of the indefensible-ORWELL
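
The difference between the LOGNAME-based identity described in the quoted article and the refusal shown in the transcript, as an added example (not code from this post or from any vendor's mail program). The function names are hypothetical, and the two rules (mailbox owned by the real UID, mailbox empty) are assumptions inferred from the two binmail messages above.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: the caller sets LOGNAME, so this is a claim, not an identity. */
const char *identity_from_env(void)
{
    const char *name = getenv("LOGNAME");
    return name ? name : "";
}

/* Hypothetical check: returns 1 if forwarding may be changed on this
 * mailbox, 0 if refused. It ignores LOGNAME and MAIL entirely and relies
 * on the real UID, which the kernel records and the caller cannot set. */
int may_set_forwarding(const char *mailbox)
{
    struct stat st;
    int ok = 0;
    /* Open first, then fstat the descriptor, so the file checked is the
     * file used; O_NOFOLLOW refuses a symlink planted at the path. */
    int fd = open(mailbox, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return 0;
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode)
        && st.st_uid == getuid()   /* assumed ownership rule */
        && st.st_size == 0)        /* assumed empty-mailfile rule */
        ok = 1;
    close(fd);
    return ok;
}

int main(int argc, char **argv)
{
    if (argc != 2)
        return 2;
    printf("LOGNAME claims '%s'; forwarding %s\n", identity_from_env(),
           may_set_forwarding(argv[1]) ? "allowed" : "refused");
    return 0;
}
```

Run with a mailbox path as the only argument; changing LOGNAME in the environment changes the claimed name that is printed but not the decision.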


