[net.unix-wizards] Unix Security List

dav%berkeley@csuf.UUCP (06/20/83)

A major problem with such a list is the fact that uucp (as distributed)
isn't secure to start with, and undesirables can simply catch these
messages while spooled in /usr/spool/uucp (where they are readable and
removable so the unix-security people won't see the "hole" and fix it).
Otherwise, the suggestion is a good one.  Perhaps the first thing that
should go out on it is a fix to this security problem with uucp.

			David L. Markowitz
			...!ucbvax!{trw-unix,ucivax}!csuf!dav
			Rockwell International
			Anaheim, Ca.

smk@linus.UUCP (Steven M. Kramer) (07/21/83)

OK -- there are many problems with UNIX.  We have 4.1 and have had security
problems in the past.  Let's start with mail.  Rather than give the
penetration scenarios, this lists the fixes to mailing:
in /usr/src/cmd/mail.c: put a setuid(getuid()) before the call to delivermail.
/usr/src/cmd/delivermail/deliver.c: put an if(access(filename,2)!=0)return(CANTCREATE);
	before the fopen(filename,"a")
/usr/src/cmd/mail.c: make MAILMODE ~0600
/usr/src/cmd/ucbmail/lex.c: after the check for 'No mail for %s' do a stat
	and see if the file is empty.  If so, also print 'No mail for %s'
	and return(-1);
/usr/lib/Mail.rc : make sure 'set keep' is in (to truncate rather than delete
	null mail files from /usr/spool/mail.  Note this is because in 4.1
	close(creat) calls itrunc() in the OS and doesn't touch the directory,
	which brings us to the next and final step:)
/usr/spool/mail: make mode 711

Now, mail is secure for your machine.  Next step is uucp, but I haven't done
that fully yet.
-- 
--steve kramer
	{allegra,genrad,ihnp4,utzoo,philabs,uw-beaver}!linus!smk	(UUCP)
	linus!smk@mitre-bedford						(ARPA)
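
An audit of the end state the post above describes (spool directory at mode 711, mailboxes private to their owner), as an added example that is not part of the original thread. The function names and the sample spool are constructed for illustration, and it assumes the MAILMODE change leaves mailboxes at mode 0600.

```shell
#!/bin/sh
# Added example: audit a mail spool against the permissions listed above.
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 on bad input.
audit_mail_spool() {
    spool=$1
    rc=0
    if [ ! -d "$spool" ]; then
        echo "ERROR $spool: not a directory"
        return 2
    fi
    # Mode 711: a user can open a mailbox by name but cannot list the directory.
    # -prune stops find from descending; -perm 711 matches the exact mode only.
    if [ -z "$(find "$spool" -prune -perm 711)" ]; then
        echo "DIR $spool: mode is not 711"
        rc=1
    fi
    # Assumption: mailboxes should be exactly 0600, so flag anything else.
    loose=$(find "$spool" -type f ! -perm 600)
    if [ -n "$loose" ]; then
        echo "$loose" | sed 's/^/MAILBOX /; s/$/: mode is not 0600/'
        rc=1
    fi
    return $rc
}

# Constructed sample spool: one correct mailbox, one world-readable mailbox,
# and a listable (755) directory. User names are made up.
make_sample_spool() {
    d=$(mktemp -d) || return 1
    : > "$d/alice"; chmod 600 "$d/alice"
    : > "$d/bob";   chmod 644 "$d/bob"
    chmod 755 "$d"
    echo "$d"
}

demo=$(make_sample_spool)
audit_mail_spool "$demo" || echo "audit exit status: $?"
rm -rf "$demo"
```

On a real system the call would be `audit_mail_spool /usr/spool/mail`, run by a user allowed to read the directory.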