/usr/spool/mail

utzoo!decvax!pur-ee!rick
Wed Sep 9 19:12:35 AEST 1981


The problem is that mail should not chown a file it didn't create.
If the directory is writable, there are so many things you can do,
there will always be a way around your fixes. The discussion seems to
be centering on the suid bits of /usr/spool/mail/root. Various solutions
have been offered including chmoding the file to mode 600 to get
rid of the suid bits. If the site runs "at", you don't have to have
the suid bit on in /usr/spool/mail. Just do an "at current-time+1" and
enter the commands chown 0/0 /bin/sh;chmod 4755 /bin/sh to at. "at"
will happily put the commands in /usr/spool/at/something. You then link
/usr/spool/mail/root to /usr/spool/at/whatever and mail root. Presto--
"at" thinks that root owns the command file and runs it and /bin/sh is suid
root.

One shouldn't try to cure the symptoms, but to eradicate the disease.
---rick
(pur-ee!rick)
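
The rule stated in the post above (a delivery agent sets ownership only on a file it created itself) can be sketched as follows. This is an added example, not part of the original post and not the code of any mail program; the function name `open_mailbox` and the exact set of checks are assumptions, and it relies on `O_EXCL`, `O_NOFOLLOW` and `fstat`/`fchown` on the open descriptor as found on current POSIX systems.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: open a recipient's mailbox for appending.
 * Returns a file descriptor, or -1 if the existing file is refused. */
int open_mailbox(const char *path, uid_t uid, gid_t gid)
{
    struct stat st;

    /* O_CREAT|O_EXCL succeeds only if this call creates the file; it
     * fails with EEXIST on any existing name, including a symlink. */
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) {
        /* Created here, so handing it to the recipient is legitimate.
         * fchown acts on the descriptor, not on a re-resolved path. */
        if (fchown(fd, uid, gid) != 0) {
            close(fd);
            return -1;
        }
        return fd;
    }
    if (errno != EEXIST)
        return -1;

    /* The file already existed: never change its ownership.
     * Open it without following a symlink and inspect the descriptor. */
    fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) ||        /* must be a plain file        */
        st.st_nlink != 1 ||            /* no second name (hard link)  */
        st.st_uid != uid ||            /* already the recipient's     */
        (st.st_mode & (S_ISUID | S_ISGID | 0111))) { /* no suid/exec */
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}
```

These checks narrow the problem but do not replace the post's other point: the spool directory itself should not be writable by ordinary users.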



More information about the Comp.unix.wizards mailing list