Mail security.

alt%aids-unix at sri-unix.UUCP
Fri Jun 10 19:23:00 AEST 1983


From:  Howard Alt <alt at aids-unix>

Let's face it, mail on Unix wasn't meant to be secure.  The options people
have offered so far are:
1) set /etc/delivermail suid root.
2) set /bin/mail suid root.
3) set (one or the other I don't recall) sgid a mail group.

All this discussion has to do with keeping others from perusing your
mail.  This means that you want the mail files to be some mode that
keeps others from reading your mail.  The problem seems to be that
they need to write into your mail file.  So, how about mode 622?
This allows anyone to write your mail file, and no one but you and
root to read it.  
All of the previous ideas were based on having the file mode 0600, and
in fact, all of the previous ideas would work just fine.  All you
would have to do is change /bin/mail so that it 
1) makes the file mode 600, and
2) makes the owner of the file the person who is receiving it.

I had started writing earlier, and I was going to claim that /bin/mail
was an insecure program because you can do shell escapes, and write
files.  I was wrong.  I decided to test it, and it does the
setuid(getuid()) bit where it has to.  So, in reality, it makes no
difference if you put the setuid bit on delivermail or binmail.  I hope
that someone could please tell me why delivermail is an insecure
program.  I can't see how it can be made to do anything but deliver
mail.  Since it calls binmail to actually put the mail into the mail
spool directory, I don't see any problems.  In fact, it seems that
delivermail should be the suid one.  That way whatever mailer you use,
it will be called by root, and you can protect your Top Secret mail.

This brings up another point.  If you have mail that you don't want
people to read, why not send it with secret mail?  In the past, every
instance that I have seen of problems occurring because of mail poking,
it has been someone who could have become root and done exactly the
same thing.

But, be of good cheer folks,  we haven't long to wait before this whole
thing gets rehashed again for the new mailsystem Sendmail.  In fact,
sendmail is nice.  It works very well from what I have used of it.  Ha,
ha. Just when you thought you had delivermail figured out, here comes a
new, fancy, sexy mailer with IPC and everything... What Fun!  

	Cheers,
		Howard.  


