deceptive mail

[Dave Cohrs]

> Somebody here noticed the following "feature" of mail (4.2 BSD).  Under
> certain conditions, a user "xyzu" can do a "set user=abcd" and send mail
> to user "pqrs".  To "pqrs" it appears that "abcd" sent the mail (xyzu <>
> abcd).  This could cause misunderstandings or such if "xyzu" were malicious.
> Is this a feature or a bug?  Thanks.

I think this is the product of a bug and a "feature".  The bug is in /bin/mail
and a bad fix in the same.  It seems that /bin/mail would through mail
from uucp on the floor under certain circumstances.  The fix was to take
out all checking for the sender and just believe whatever /bin/mail was told.
Not a good policy as far as I'm concerned.  The feature is that mail loves
to look at silly things like getlogin() and $USER instead of more valid
things like getpwuid(getuid()) for the username.  These two combined cause
mail to make bogus 'From' lines.

The real fix is in /bin/mail -- get rid of the bad fix and do getpwuid()s
instead of getlogin()s to find the username.  While you're at it, you
might want to do this to ucb/mail and sendmail too.  I guess this isn't the
most popular way of handling mail senders, but I find it the most reliable --
I tend to like my mail coming from whomever the person is currently, not who
they logged in as!

-- 
(Bug?  What bug?  That's a feature!)

Dave Cohrs
...!{allegra,heurikon,ihnp4,seismo,uwm-evax}!uwvax!dave
dave at wisc-rsch.arpa