non-superuser chown(2)s considered harmful
Leslie Mikesell
les at chinet.chi.il.us
Wed Dec 12 07:36:32 AEST 1990
In article <1990Dec11.005644.20688 at cbnewsk.att.com> hansen at pegasus.att.com (Tony L. Hansen) writes:
>< Exactly. This is why several people have been arguing for chown() to
>< work between current and effective uids. Does chown() have any other
>< reasonable use?
>
>The mail(1) command uses chown(2) and set-gid to give a secure mail system. I
>feel that other methods are fraught with potential security holes.
>
> Tony Hansen
> att!pegasus!hansen, attmail!tony
> hansen at pegasus.att.com
Are you talking about the same SysV /bin/mail that I have (AT&T SysVr3)
that uses the environment variable LOGNAME to decide who you are
and allows you to forward your mail with the command:
mail -F new_address
If you are, try:
MAIL=/usr/mail/you LOGNAME=you mail -F me
(replace "you" with someone else on the system who happens to have an
empty mailbox, and "me" with your login name)
Then tell me if you would still describe the system as secure.
Les Mikesell
les at chinet.chi.il.us
More information about the Comp.unix.internals
mailing list