Why can't mail have unpost command

trent at cit-vax.UUCP trent at cit-vax.UUCP
Thu Feb 26 05:00:09 AEST 1987


In article <1712 at druhi.UUCP> clive at druhi.UUCP (Clive Steward) writes:
>[...]
>
>Let's consider.  On a given machine, there will be only one user with a
>given (usable->first in /etc/passwd) userid.  And no (non-root) way to
>fake one.

I'm not sure I know what you are talking about here. I assume you mean that
the sender has a passwd on the sending machine. Common practice (and
common sense) says that if you are concerned with security on your machine,
you don't give out this information to the world. (encrypted or not, there
are algorithms that work pretty well to "decode" passwds given lots of
CPU time)

>Also, mail headers contain this information, in the path from which the 
>mail came.

Again, I'm confused about what you mean. Are you saying that mail 
headers contain the senders (encrypted) passwd? Guess again. Also, mail
headers are among the easiest things for the sender to fake.

>Further, we already have server access control, in the current way
>mail works.

Once again, what do you mean by this? None of the mail servers I've
ever hacked on have server access control beyond requiring the 
accessor be able to connect server's machine. Nor do you really want
them to, unless you want to disallow personal mail processing systems.

>It seems to me then, that a simple addition to the server can
>easily and securely know which pieces of mail, if any, a given
>(local or remote) requester deserves to cancel.

How does this follow? What is the server supposed to do, ask the 
machine it's connected to to send part of its /etc/passwd file?
Also, what's to prevent people from cancelling mail on the local
machine. (to which they have access to /etc/passwd themselves, without
having to call up the mail server on the target machine and convince it to 
send out the passwd of the person who's mail the muncher wants to cancel? :-)

>And that no one can beat this, unless they have root (or mail) 
>privileges, and furthermore, on the recipient's machine.

Huh? How does this follow? Ummm, I'm willing to bet that I can find
flaws, security leaks, or gross inconveniences in any sytem you can 
specify for recalling mail. (worse than the current mail system, that is!)
Remember, one of the greatest conveniences of the way mail is now is
that *any* user can write and use their own mail sending and reading
programs without having privileges. (except on fascistly administrated
machines)

>It's late, so maybe I'm wrong.  What do you think?

I think you're right about that, at least. :-) ;-)


-- 
"Party until it hurts; then, party 'til it don't hurt no more."
					../ray\..
 (trent at csvax.caltech.edu, rat at caltech.bitnet, ...seismo!cit-vax!trent)



More information about the Comp.unix.questions mailing list