outer@utcsrgv.UUCP (Richard Outerbridge) (11/22/84)
In setting up a BSD 4.2 system an acquaintance had some trouble getting the XMAIL package working (enroll, xsend, xget). The directory that is used by the package is /usr/spool/secretmail; it is owned by root and was set to 744. The problem was that none of the programs could write in this directory and all of them needed to.

Chmod'ing to 777 gets everything working, but ALSO - 1) allows anyone to delete anyone's pending xmail; 2) allows anyone to muck about with the public keys. Xsend will warn you if it suspects that the recipient's key has been mucked about with, but that's really pretty feeble. Obviously the recipient can figure out when his key has been corrupted. Running this way the scheme can be sabotaged at will (never mind being vulnerable to traffic analysis).

[OK, OK, xmail uses *knapsacks* and knapsacks can be broken overnight with an Apple ][ and some fancy integer programming. I welcome some discussion about the insecurity of xmail knapsacks vs. the insecurity of crypt(1) rotors, canvassed here recently by Henry Spencer.]

So: Quare? Any suggestions about how to get this working and secure? What (if any) implications for system security would the fix have?

--
Richard Outerbridge <outer@utcsrgv.UUCP> 416 961-4757
Payload Deliveries: N 41 39'36", W 79 23'42", Elev. 106.47m.
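The two modes discussed in the post above, decoded as an added example that is not part of the original post or of the xmail package. It assumes the programs run with the invoking user's identity, so only the "other" permission bits apply, and the sticky-bit case is an assumption for systems that restrict deletion in sticky directories, which the post does not mention.

```python
import stat

def other_user_rights(mode):
    """What a user who is neither owner nor in the group may do in a
    directory with these permission bits (classic Unix semantics)."""
    r = bool(mode & stat.S_IROTH)       # read: list the names in the directory
    w = bool(mode & stat.S_IWOTH)       # write: add or remove directory entries
    x = bool(mode & stat.S_IXOTH)       # search: reach files inside by name
    sticky = bool(mode & stat.S_ISVTX)  # assumption: the system honors sticky directories
    can_modify = w and x                # changing entries needs write AND search
    return {
        "list_names": r,
        "open_known_file": x,
        "create_file": can_modify,
        # Removing an entry depends on the directory's bits, not the file's own
        # mode, which is why 777 exposes every user's mail and key files.
        "delete_others_files": can_modify and not sticky,
    }

def audit(mode):
    """Return findings for a shared spool directory with the given mode."""
    rights = other_user_rights(mode)
    findings = []
    if not rights["create_file"]:
        findings.append("unprivileged programs cannot create files here")
    if rights["delete_others_files"]:
        findings.append("any user can delete or replace any entry")
    return findings

if __name__ == "__main__":
    # Constructed inputs: the two modes from the post, plus a sticky variant.
    for mode in (0o744, 0o777, 0o1777):
        print(oct(mode), other_user_rights(mode), audit(mode))
```
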