brad@bradley.UUCP (12/01/87)
/* Written 2:07 am Nov 24, 1987 by lenny@icus.UUCP in bradley:comp.sys.att */
>>This is a problem with the system manager (smgr) which controls the
>>MAIL ICON at the top of the screen. If you save your mail after clicking
>>on the icon, it indeed goes in /etc/lddrv/mbox, this is a *BUG* not
>>a system problem. A while back I reported doing a "shell" escape "!" from
>>inside mail from the icon, will give you root access. This is a pretty
>>bad security flaw, since smgr runs as a root process. This can be
>>fixed I believe by renaming "/bin/mail" with "/bin/lmail" and writing
>>a short program that will do a:
>>
>>	setuid(getuid());
>>	setgid(getgid());
>>
>>and then exec "/bin/lmail".

This doesn't work as smgr runs as root. What I do is look at /etc/utmp
(or is it /etc/wtmp) and find out who is logged into /dev/w1, then using
the login name look up the uid in /etc/passwd and use this. Multiple gettys
will read the mail of whoever is logged into /dev/w1 (note that /dev/tty???
doesn't have this happen to it).
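
The wrapper described in the reply above, sketched as an added example (not code from either poster): it finds the user on line "w1" in the utmp records, looks that name up in the password file, drops root to that user and only then execs /bin/lmail. It assumes the modern POSIX utmpx interface rather than the 1987 system's utmp format; user_on_line and drop_to are hypothetical helper names.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1            /* for initgroups() on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <string.h>
#include <unistd.h>
#include <utmpx.h>

/* Copy the login name of the first live session on `line` (e.g. "w1")
 * into name. utmp fields are fixed-width and may lack a terminating NUL.
 * Returns 0 on success, -1 if nobody is logged in on that line. */
int user_on_line(const struct utmpx *recs, size_t n, const char *line,
                 char *name, size_t len)
{
    if (len == 0) return -1;
    for (size_t i = 0; i < n; i++) {
        const struct utmpx *e = &recs[i];
        if (e->ut_type != USER_PROCESS ||
            strncmp(e->ut_line, line, sizeof e->ut_line) != 0) continue;
        size_t k = 0;
        for (; k < sizeof e->ut_user && k + 1 < len && e->ut_user[k]; k++)
            name[k] = e->ut_user[k];
        name[k] = '\0';
        return k ? 0 : -1;
    }
    return -1;
}

/* Drop to uid/gid for good. Groups go first: once setuid() has given up
 * root, the process can no longer change its groups. Verify the result. */
int drop_to(const char *user, uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && initgroups(user, gid) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    return (getuid() == uid && geteuid() == uid &&
            getgid() == gid && getegid() == gid) ? 0 : -1;
}

int main(void)
{
    struct utmpx *e; struct passwd *pw = NULL; char name[64];
    setutxent();
    while (pw == NULL && (e = getutxent()) != NULL)
        if (user_on_line(e, 1, "w1", name, sizeof name) == 0)
            pw = getpwnam(name);
    endutxent();
    /* Fail closed: never exec the mailer while still root. */
    if (pw == NULL || drop_to(pw->pw_name, pw->pw_uid, pw->pw_gid) != 0) return 1;
    execl("/bin/lmail", "mail", (char *)NULL);
    return 1;                        /* exec failed */
}
```
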