[comp.unix.questions] keeping your mailbox secure, even with mailx

psc@lzaz.UUCP (Paul S. R. Chisholm) (01/19/87)

< "I'm *not* expendable, I'm *not* stupid, and I'm *NOT* going!" >

As most people know, your mailbox (where incoming mail is stored before
you read it, usually /usr/mail/$LOGNAME) is by default world readable.
This has been very amusing to would-be hackers, and very embarrassing to
couples sending each other electronic love notes.

[I don't believe that this is the case with the AT&T 3B20A that I used
to use, running SVR2.1.  I just tried it with my 68020 system running
SVR2.2 and "mail" created the file 660.  Other systems may very well
have this problem.  -RWH]

Most mailers have a simple solution.  If your mailbox has anything in
it, you can change the permissions on it.  (If it doesn't exist, send
yourself some mail.)  If your mail program empties out the mailbox, but
the mailbox doesn't have the default permissions, it will be truncated
to an empty file with your specified permission.  If it has the default
permission, it's removed.

It seems /bin/mail and mailx have different ideas of what the default
permissions are.  /bin/mail thinks the default is 664 (readable and
writable by the owner and group mail, readable by the world).  mailx
thinks the default is 660 (not readable by the world).  I'd changed my
mailbox to 660 by hand.  The first time I read my mail with mailx, my
mailbox was removed!  The next time someone sent me mail with /bin/mail,
my mailbox would be world readable again.  Yuchh.

My solution was to change the permission to 620 (readable and writable
by me, writable by group mail).  Mailers can add new messages to my
mailbox, I can (destructively) read my mail, and no one else can see my
mail messages.  If a further kludge is needed, I could add random
execution permissions to my mailbox.

(Point of information for wizards: /bin/mail runs as the user running
it, but as group mail.  mailx runs with the user's id and group id,
and runs a separate set-group-id program to remove the mailbox.  I don't
know what evil lurks in the hearts of the Berserkeley mailers.)

-Paul S. R. Chisholm, UUCP {ihnp4,cbosgd,allegra,vax135,mtgzz}!lznv!psc
AT&T Mail !psrchisholm, Internet mtgzz!lznv!psc@rutgers.rutgers.edu
The above opinions may not be shared by any telecomm company.
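An added example (not code from any post in this thread) that models the mailbox cleanup rule described above, so you can see why a hand-set 660 box vanishes under mailx while 620 survives, and audit a spool directory for world-readable mailboxes. The 664/660 defaults are taken from the post as assumptions, not verified against any mailer's source.

```sh
#!/bin/sh
# Added example (not from any post in this thread): models the cleanup rule the
# first post describes. A reader that empties the mailbox removes it when its
# mode equals the reader's own default (664 for /bin/mail, 660 for mailx, per
# the post; assumed here) and truncates it otherwise, keeping the owner's mode.

# mode_of FILE: print permission bits in octal, e.g. 620 (GNU stat, then BSD).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# empty_mailbox FILE DEFAULT: emulate the reader's cleanup step.
empty_mailbox() {
    if [ "$(mode_of "$1")" = "$2" ]; then
        rm -f "$1"          # default mode: reader assumes it may just unlink
    else
        : > "$1"            # non-default mode: truncate, keep owner's mode
    fi
}

# world_readable FILE: succeed if the "other" read bit is set.
world_readable() {
    case $(mode_of "$1") in
        *[4567]) return 0 ;;
        *)       return 1 ;;
    esac
}

# audit_spool DIR: list mailboxes in DIR that anyone on the system can read.
audit_spool() {
    for f in "$1"/*; do
        [ -f "$f" ] && world_readable "$f" && echo "world-readable: $f"
    done
    return 0
}

# demo MODE DEFAULT: constructed one-message box with MODE, cleaned up by a
# reader assuming DEFAULT; prints "removed" or "kept:MODE".
demo() {
    box=$(mktemp) || return 1
    printf 'From psc Mon Jan 19 10:00:00 1987\nSubject: test\n\nhello\n' > "$box"
    chmod "$1" "$box"
    empty_mailbox "$box" "$2"
    if [ -e "$box" ]; then
        echo "kept:$(mode_of "$box")"; rm -f "$box"
    else
        echo "removed"
    fi
}

demo 620 660    # the post's 620 fix against a mailx-style reader: kept:620
```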

karl@cbrma.UUCP (01/20/87)

In article <121@falkor.UUCP> psc@lzaz.UUCP (Paul S. R. Chisholm) writes:
>As most people know, your mailbox (where incoming mail is stored before
>you read it, usually /usr/mail/$LOGNAME) is by default world readable.
>This has been very amusing to would-be hackers, and very embarrassing to
>couples sending each other electronic love notes.

I have just spent a few minutes and experimented with a herd of the
systems I have available to me here in my department.  In all cases,
my mailbox is created 0660 no matter whether I use mailx as a front
end, or just go straight for the gills with /bin/mail (actually
/bin/lmail, due to having installed smail).  The set of machines on
which I just tried this out includes:

	cbrma: VAX-11/780 SysV.0
	cbrmb: VAX-11/780 SysV.2.2
	cbrmc: PDP-11/70 SysIII
	cbrmd: PDP-11/70 SysV.0
	cbrme: 3b20 SysV.2.1
	cbstr1: 3b15 SysV.2.1
	bacon: 3b2 SysV.2.0.4
	byron: 3b2 SysV.2.0.5

That list includes a couple of network-invisible machines.  I daresay
that it constitutes a representative sample of systems and software.
No such problems on any of them.  Has someone hacked up your software
locally?
-- 
Karl

roy@phri.UUCP (Roy Smith) (01/20/87)

In article <5620@cbrma.att.com> karl@cbrma.att.com (Karl Kleinpaste) writes:
> The set of machines on which I just tried this out includes:
> 
> 	cbrma: VAX-11/780 SysV.0
> 	cbrmb: VAX-11/780 SysV.2.2
> 	cbrmc: PDP-11/70 SysIII
> 	cbrmd: PDP-11/70 SysV.0
> 	cbrme: 3b20 SysV.2.1
> 	cbstr1: 3b15 SysV.2.1
> 	bacon: 3b2 SysV.2.0.4
> 	byron: 3b2 SysV.2.0.5
> 
> I daresay that it constitutes a representative sample of systems
> and software.

	Ha!  7 System V machines, and one running System III, and you say
that's a "representative sample of systems and software"?  I can deal with
the fact that you didn't try a v7 machine (there aren't too many of them
left), but have you never heard of Berkeley?

	On my 4.2BSD Vax and my 3.0 Sun (derived from 4.2BSD), mail spool
files are mode 600.  I have worked on a Sequent system (don't remember
which version of Dynix it was, but Dynix is a 4.2 derivative) and mail
spool files were mode 600 there as well.  There was one person's mailbox
which was always 666, but I don't know if that was something he did on
purpose (or by accident), or something "the system" did.
-- 
Roy Smith, {allegra,cmcl2,philabs}!phri!roy
System Administrator, Public Health Research Institute
455 First Avenue, New York, NY 10016

"you can't spell deoxyribonucleic without unix!"

mats@forbrk.UUCP (01/26/87)

If someone took the trouble to look at the mailx (for System V)
or Mail (for BSD) documentation (manpage for mailx; one needs 
to go hunting for the Mail Reference Manual for Mail) they would
find that there is a way (set keep in your .mailrc) to tell those 
programs not to delete your mailbox even when empty. In this 
manner, changed mode settings will be preserved, and nobody has 
to change the default behavior of the mail delivery program 
(usually /bin/mail).

Additionally, mailx depends on mail files being mode 660, but
with group "mail" (not your group). This is so that it does
not have to run setuid root to manipulate your mailbox - it
can run setgid mail instead, which seems somewhat safer.

Mats Wichmann
Fortune Systems