[comp.mail.uucp] Setuid smail2.5?

hacker@isadora.ikp.liu.se (Goran Larsson [Hacker of Hackefors]) (12/05/89)

I have been bothered about smail 2.5 for some time now.  Smail runs as the
user that starts smail, typically this is uucp for incoming mail and
the user sending mail for outgoing mail.  This means that some files
require read and/or write permission for everybody on the machine:

   /usr/lib/uucp/paths		rw-r--r--
   /usr/spool/uucp/mail.log	rw-rw-rw-
   /usr/lib/aliases		rw-r--r--

What I would like to do is to rename these files to

   /usr/lib/smail/paths		rw-r-----
   /usr/lib/smail/log		rw-r-----
   /usr/lib/smail/aliases	rw-r-----

and give them to the user "mail."  Smail should then be setuid to "mail."

Now, this scheme works as far as I can test, but in one area I have not
found an answer: what about security?  The only problem that I can find is
that if a user specifies alternate path or alias files, these files must
be readable by the user "mail."  Anyone done something like this with
smail?

An alternative would be to make the files above writeable by group and
have smail setgid to the "mail" group.  Comments?

  !       _
  ! !    Goran Larsson  [The Hacker of Hackefors]
--+-+    Hackefors, Linkoping, SWEDEN (See)  +46 13-155535 (Hear)
  +-+--  ...!uunet!sunic!liuida!prodix!isadora!hacker (Bang!)
  ! !    hacker@isadora.ikp.liu.se (at'n'dots)
    !                                                    Mmh, Yes

chip@ateng.com (Chip Salzenberg) (12/08/89)

Why, Goran, I'm surprised you didn't ask me... :-)

According to hacker@isadora.ikp.liu.se (Goran Larsson [Hacker of Hackefors]):
>Smail should then be setuid to "mail."
>Now, this scheme works as far as I can test, but in one area I have not
>found an answer: what about security?  The only problem that I can find is
>that if a user specifies alternate path or alias files, these files must
>be readable by the user "mail."

Easy.  Do like Deliver 2.0:  if such parameters are specified, renounce
setuid privileges.
-- 
You may redistribute this article only to those who may freely do likewise.
Chip Salzenberg at A T Engineering;  <chip@ateng.com> or <uunet!ateng!chip>
	  "The Usenet, in a very real sense, does not exist."