Nasty Security Hole?
Peter DiPrete
peter at ernie.NECAM.COM
Wed Nov 9 16:32:42 AEST 1988
I surprised myself last week when I creamed the mail directory on our LAN
composed of Sun 3/60's, Sun 4/280, and Vax 8250 running Ultrix 2.3. The
surprise was that I wanted to clean off some files on a diskless client.
I used an "rm -r" on a filesystem "above" /usr/spool/mail (i think it was
/usr/spool, but I forget now). I was su'd to root at the time so as to be
sure I cleaned up thoroughly. It worked. Too well. The surprise is that
the mail filesystem is nfs mounted from the vax and I was working from one of
the (diskful) 60's. Since I "knew" root was translated into "nobody" over
the net, I was a little careless in my use of commands (next time, I'll
be sure to use "find . -xdev -exec rm {} \;"). I did not think that root ac
ross a NFS mount could do such damage (all mail was lost!).
So I experimented a little and found out that *anyone* at *anytime* can
blow away *any mailbox* since the mail directory has liberal permissions.
I even tried various combinations of set{gu}id and sticky bits on the directory.
I met with no success.
Here's the question, since the mail directory *must* have liberal
permissions to allow any user access to his/her mailbox, how can I
protect people's files. Even if a file has permissions set to 000,
any other user can blow it away! Can I protect people's mail better than this?
Actually, what I'd *really* like to do is to put people's mail in their home
directory since that would make NFS mounting the mail partition unneccessary.
Thanks in advance for all the help I know will come of this,
Peter Di Prete
NEC America
408-922-3829
{sun, uunet!altnet}!ernie!peter
--
Peter Di Prete @ NEC America
408-922-3829
sun!imagen!ernie!peter
...!uunet!altnet!ernie!peter
More information about the Comp.unix.wizards
mailing list