smarry@contact.uucp (Marc Moorcroft) (09/25/89)
Contact runs smail modified for use with Xenix, and in the course of several system crashes and restorations we've lost the original archive and all of the source code.

Looking at the mail.log file on our system, I noticed that it had write permission for everyone. I took that away and changed the ownership of the file from "root" to "uucp", which seemed reasonable at the time. Looking at it later showed that it was now showing only uucp mail transfers and mail from root and root-access programs like "LOGIN" and "GETTY".

What I'm wondering is: Should some of the programs installed for smail be set-user or set-group-id? I've looked at /usr/bin/smail, /usr/bin/rmail, /usr/lib/mail/execmail and /usr/lib/mail/execmail.x without seeing a set-user/group-id bit, but it seems wrong to me to have a log file that anyone can come along and truncate.

Marc Moorcroft -- entity about the system on Contact
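The permission behaviour described in the post, as an added example that is not part of the original post and is not smail's code: a small model of the Unix write check showing which invoking users a mailer can log for, with and without a set-group-id bit. The uids, gids, file modes and the "mail" group are constructed assumptions, and supplementary groups are ignored.

```python
from dataclasses import dataclass

SETUID, SETGID = 0o4000, 0o2000

@dataclass
class File:
    uid: int
    gid: int
    mode: int  # permission bits, including any set-id bits

# Constructed accounts: name -> (real uid, real gid)
USERS = {"root": (0, 0), "uucp": (5, 5), "marc": (200, 100)}
MAIL_GID = 8  # hypothetical "mail" group, not taken from the post

def effective_ids(binary, ruid, rgid):
    """IDs a process gets after exec: set-id bits swap in the file's owner/group."""
    euid = binary.uid if binary.mode & SETUID else ruid
    egid = binary.gid if binary.mode & SETGID else rgid
    return euid, egid

def can_write(f, euid, egid):
    """Unix write check: root passes; otherwise only the first matching class counts."""
    if euid == 0:
        return True
    if euid == f.uid:
        return bool(f.mode & 0o200)
    if egid == f.gid:
        return bool(f.mode & 0o020)
    return bool(f.mode & 0o002)

def who_can_log(binary, log):
    """For each invoking user: can the mailer they run append to the log?"""
    return {n: can_write(log, *effective_ids(binary, u, g)) for n, (u, g) in USERS.items()}

def who_can_truncate(log):
    """Who can open the log for writing directly, without the mailer?"""
    return {n: can_write(log, u, g) for n, (u, g) in USERS.items()}

# Constructed modes and owners modelling the situations in the post.
PLAIN_MAILER = File(uid=0, gid=0, mode=0o755)          # no set-id bit
SGID_MAILER = File(uid=0, gid=MAIL_GID, mode=0o2755)   # set-group-id to "mail"
ORIGINAL_LOG = File(uid=0, gid=0, mode=0o666)          # root-owned, world-writable
CHOWNED_LOG = File(uid=5, gid=5, mode=0o644)           # uucp-owned, world-write removed
GROUP_LOG = File(uid=5, gid=MAIL_GID, mode=0o660)      # owner and "mail" group only

if __name__ == "__main__":
    print("world-writable log :", who_can_log(PLAIN_MAILER, ORIGINAL_LOG))
    print("uucp-owned log     :", who_can_log(PLAIN_MAILER, CHOWNED_LOG))
    print("setgid mailer logs :", who_can_log(SGID_MAILER, GROUP_LOG))
    print("direct truncation  :", who_can_truncate(GROUP_LOG))
```
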