wtm@neoucom.UUCP (11/18/87)
Hi, The first few times it happened I attributed it to my silliness or something, but I think I am encountering inexplicable gremlins. It seems that every now and again files wind up stuck in /etc/lddrv when they should be someplace else. Here's what happens: I am logged in as wtm. I am in ksh, lint-ing a file, proj.c in ~wtm/cfiles. Lint leaves a bunch of .o files in /etc/lddrv, with permission 666 and owned by root, with group users. I am logged in as wtm. I am in ksh, view-ing a file in /usr/local/src. Mail comes in, so I click the envelope with the mouse. It is a rather long letter, and it scrolls to fast to read. I figure I'll save it an look at it later, when I've got more time, so I hit "s" figuring it'll go into ~wtm/mobx. Wrong, it goes into /etc/lddrv/mbox, with permission 666, owner root, group root. I did sync;sync;sync;fsck -y. Nothing unusual like a bad link or such is reported. The only message I got was the usual couple of "POSSIBLE FILE SIZE ERROR in ..." messages. What gives? I get nervous when strange things start happening in the directory where the drivers live!! Bill (wtm@noeucom.UUCP)
lenny@icus.UUCP (Lenny Tropiano) (11/24/87)
In article <764@neoucom.UUCP> wtm@neoucom.UUCP writes: > [... some description removed ...] > Mail comes in, so I click the envelope with the >mouse. It is a rather long letter, and it scrolls to fast to read. >I figure I'll save it an look at it later, when I've got more time, >so I hit "s" figuring it'll go into ~wtm/mobx. Wrong, it goes into >/etc/lddrv/mbox, with permission 666, owner root, group root. > This is a problem with the system manager (smgr) which controls the MAIL ICON at the top of the screen. If you save your mail after clicking on the icon, it indeed goes in /etc/lddrv/mbox, this is a *BUG* not a system problem. A while back I reported doing a "shell" escape "!" from inside mail from the icon, will give your root access. This is a pretty bad security flaw, since smgr runs as a root process. This can be fixed I believe by renaming "/bin/mail" with "/bin/lmail" and writing a short program that will do a: setuid(getuid()); setgid(getgid()); and then exec "/bin/lmail". I haven't verified if this will work, but if not there is always another way to skin a cat! >I did sync;sync;sync;fsck -y. Nothing unusual like a bad link or >such is reported. The only message I got was the usual couple of >"POSSIBLE FILE SIZE ERROR in ..." messages. > I have noticed some strange things with a 3B1 at work that I do a: # find / -print /unix - bad status /etc - bad status . . . I don't know what happened there! Although everything runs find?! I've seen when the filesystem gets corrupted and you have to do a /etc/fsck to fix it! That could happen! I wish there was a way to avoid it on each reboot, only do it if it crashes! (ie. Like the 3B2) Hope this helps, Lenny -- ============================ US MAIL: Lenny Tropiano, ICUS Computer Group IIIII CCC U U SSSS PO Box 1 I C C U U S Islip Terrace, New York 11752 I C U U SSS PHONE: (516) 968-8576 [H] (516) 582-5525 [W] I C C U U S AT&T MAIL: ...attmail!icus!lenny TELEX: 154232428 IIIII CCC UUU SSSS UUCP: ============================ ...{uunet!godfre, mtune!quincy}!\ ...{ihnp4, boulder, harvard!talcott, skeeve, ptsfa}! >icus!lenny "Usenet the final frontier" ...{cmcl2!phri, hoptoad}!dasys1!/
jlw@lznv.UUCP (11/25/87)
The problem is that smgr exec's /bin/mail as root
in the /etc/lddrv directory. Smgr also happens
to look for /usr/bin/email first. Therefore,
compiling the following little program and
installing it as /usr/bin/email with vanilla
options fixes that problem. Don't use shared
libs; makes it bigger. I've been using this for
months with both 3.5 and 3.51. You may not have mailx
available so you may want to check what the
program's doing for you. It's pretty easy to
change.
Joe Wood
lznv!jlw
lznv!jlwood3!jlw
------------------cut here------------cut here-----------------
/*
* email.c - exec'ed from smgr as:
* /usr/bin/email -i -u %s
*
* This version fixes up a rather bad security
* bug in 3.5 UNIX PC. With no /usr/bin/email
* installed, send mail to yourself, click on
* mail icon, escape to shell, and you're superuser.
*/
main(argc, argv)
int argc;
char *argv[];
{
char p[256];
p[0] = (char)0;
strcat(p, "/bin/sh -c \"");
strcat(p, " EDITOR=/usr/bin/vi VISUAL=/usr/bin/vi SHELL=/bin/ksh");
strcat(p, " HOME=/u/");
strcat(p, argv[3]);
strcat(p, ";MAILRC=/u/");
strcat(p, argv[3]);
strcat(p, "/.mailrc;export HOME MAILRC EDITOR VISUAL SHELL;");
strcat(p, "cd /u/");
strcat(p, argv[3]);
strcat(p, ";/usr/bin/mailx\"");
execl( "/bin/su", "su", argv[3],
"-c", p, (char *)0);
}