Nasty Security Hole?
Chris Torek
chris at mimsy.UUCP
Thu Nov 10 22:20:17 AEST 1988
In article <175 at ernie.NECAM.COM> peter at ernie.NECAM.COM (Peter DiPrete) writes:
>... the mail directory has liberal permissions. I even tried various
>combinations of set{gu}id and sticky bits on the directory.
The sticky bit on the directory is intended to fix that. Alas, it is
broken in the NFS implementations you mentioned. You could try setting
the spool directory to r-xr-xr-x, then make sure that two things still
work: the first mail message to a user who has no spooled mail, and
deleting all messages from spooled mail.
--
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain: chris at mimsy.umd.edu Path: uunet!mimsy!chris
More information about the Comp.unix.wizards
mailing list