/bin/mail
mann%Shasta%su-score at sri-unix.UUCP
Thu Jun 9 04:40:00 AEST 1983
From: Tim Mann <mann%Shasta at su-score>
Making Berkeley 4.1 /bin/mail setuid to root creates a gaping
security hole, because /bin/mail allows you to mail to files.
This is true in spite of the fact that Berkeley's MAKE script
makes it setuid to root.
The only safe (?) way I know of to set things up is to create
a special "mail" group, make /bin/mail setgid to this group,
and arrange for the mail spool directory and mail files to be
group-writeable.
--Tim
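
An added example, not part of the original message: a shell check that classifies a mail binary and its spool directory against the two layouts the message contrasts (setuid root versus setgid to a "mail" group with group-writable spool files). The function names, the verdict strings and the use of GNU `stat -c` are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare a mail binary and spool directory against the
# two layouts in the message (setuid root vs. setgid to a mail group).

# has_bit MODE MASK: true if any bit of octal MASK is set in octal MODE.
has_bit() {
    [ $(( 0$1 & 0$2 )) -ne 0 ]
}

# classify_binary MODE OWNER GROUP MAILGROUP
classify_binary() {
    if has_bit "$1" 4000 && [ "$2" = root ]; then
        echo "UNSAFE: setuid root"
    elif has_bit "$1" 4000; then
        echo "REVIEW: setuid $2"
    elif has_bit "$1" 2000 && [ "$3" = "$4" ]; then
        echo "OK: setgid $4"
    elif has_bit "$1" 2000; then
        echo "REVIEW: setgid $3, expected $4"
    else
        echo "NOTE: no setuid or setgid bit"
    fi
}

# classify_spool MODE GROUP MAILGROUP
classify_spool() {
    if [ "$2" != "$3" ]; then
        echo "MISMATCH: group is $2, expected $3"
    elif has_bit "$1" 20; then
        echo "OK: group-writable by $3"
    else
        echo "MISMATCH: not group-writable"
    fi
}

# audit BINARY SPOOL_PATH [MAILGROUP]: apply the checks to real paths.
# Assumes GNU stat (-c with %a octal mode, %U owner, %G group).
audit() {
    group=${3:-mail}
    b=$(stat -c '%a %U %G' "$1") || return 2
    s=$(stat -c '%a %G' "$2") || return 2
    # $b and $s are split on whitespace into separate arguments on purpose.
    echo "$1: $(classify_binary $b "$group")"
    echo "$2: $(classify_spool $s "$group")"
}

# Usage (the spool path is site-specific and not given in the message):
#   audit /bin/mail SPOOL_DIR mail
```

Run `audit` once against the spool directory and once against an individual mail file, since the message requires both to be group-writable.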