ben@moncol.UUCP (Bennett Broder) (03/26/91)
Does anyone know why the mail spoolfile isn't deleted when the last message is deleted? This is standard behavior for /bin/mail and mailx, and would be desirable for elm. I have fixed leavembox.c to do this, can you forsee any problems? -- Bennett Broder Monmouth College ..princeton!moncol!ben Computer Services ..rutgers!petsd!moncol!ben W. Long Branch, NJ 07764
syd@DSI.COM (Syd Weinstein) (03/26/91)
ben@moncol.UUCP (Bennett Broder) writes: >Does anyone know why the mail spoolfile isn't deleted when the last message >is deleted? This is standard behavior for /bin/mail and mailx, and would be >desirable for elm. I have fixed leavembox.c to do this, can you forsee >any problems? Yup, mail spoofing in sites that run /usr/spool/mail 3777 (BSD style). If you delete the mailbox, then none is there and someone else can create one and then own it and read all your mail preventing you from reading your mail. This is only an attack valid on BSD stype systems that do not use Elm setgid and use /usr/spool/mail with mode 3777 (sticky, setgid). -- ===================================================================== Sydney S. Weinstein, CDP, CCP Elm Coordinator Datacomp Systems, Inc. Voice: (215) 947-9900 syd@DSI.COM or dsinc!syd FAX: (215) 938-0235
meo@Dixie.Com (Miles ONeal) (03/28/91)
I'm curious as to why having a mail program remove an empty mail file is "desirable" behavior. Unless you have large numbers of users cleaning out their boxes every day, and Greenpeace is after you for inode wastage 8^). I always set my .mailrc to leave the file there, anyway. -Miles but noe I have elm, which does it "right" 8^)