brad@ds3.bradley.edu (Bradley E. Smith) (10/25/90)
We have a funny problem here with elm. I am going to fix it but thought
other people would be interested in this. Also, if we might get this fix
into some release, that would be nice.

Configuration:
	AT&T 3B2/1000-70
	UNIX 3.2.3
	elm 2.3 P5

User setup:
	Due to the fact that this machine is a student machine, we have
	made it somewhat harder for users to screw themselves up. One of
	these changes is that each student is in his own group (i.e.
	login=doe, group=doe). Also, each student's home directory is
	owned by 'user' (which is an administrative login not used). So
	each home directory is 770 ('drwxrwx--- 15 user doe ....). This
	makes it so that trojan horses can't change a user's home
	directory's permissions.

Now the problem:
	Since elm runs setgid(mail) (which means the effective id is
	mail), the students can't save options or mail because they
	can't get access to their home directory.

Solution:
	Have elm swap the group id from mail -> doe -> mail (and back again
	as needed) when it needs to create a lock file. This way one has
	access to their own files.

Any takers? Thoughts?

brad smith
brad@bradley.edu

ske@pkmab.se (Kristoffer Eriksson) (10/31/90)
In article <1990Oct24.212255.5138@bradley2.bradley.edu> brad@ds3.bradley.edu (Bradley E. Smith) writes:
> Have elm swap the group id from mail -> doe -> mail (and back again
> as needed) when it needs to create a lock file. This way one has
> access to their own files.

Watch out if you try to implement this. There are at least two BSD versions
and the System V version that need to be treated differently if you intend
to switch back and forth between the real GID and the program's set-GID.
(We've done this for C-kermit version 5A, so I have some experience of it.)
--
Kristoffer Eriksson, Peridot Konsult AB, Hagagatan 6, S-703 40 Oerebro, Sweden
Phone: +46 19-13 03 60 ! e-mail: ske@pkmab.se
Fax: +46 19-11 51 03 ! or ...!{uunet,mcsun}!sunic.sunet.se!kullmar!pkmab!ske

brad@ds3.bradley.edu (Bradley E. Smith) (11/01/90)
ske@pkmab.se (Kristoffer Eriksson) writes:
>In article <1990Oct24.212255.5138@bradley2.bradley.edu> brad@ds3.bradley.edu (Bradley E. Smith) writes:
>> Have elm swap the group id from mail -> doe -> mail (and back again
>> as needed) when it needs to create a lock file. This way one has
>> access to their own files.

>Watch out if you try to implement this. There are at least two BSD versions
>and the System V version that need to be treated differently if you intend
>to switch back and forth between the real GID and the program's set-GID.
>(We've done this for C-kermit version 5A, so I have some experience of it.)

Well, I have done it (just for SYSV) and have been running it for a week.
Next thing is to send the patches out? Should I, Syd?

brad smith
bradley university
brad@bradley.edu
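
The group-ID swap discussed in this thread, as an added example that is not part of any post and is not elm's or C-Kermit's code. It assumes a POSIX system with a saved set-group-ID and uses setegid(), so it does not cover the older BSD and System V variants mentioned above; the names gid_init, gid_as_user, gid_as_priv and open_as_user are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

static gid_t priv_gid;  /* effective GID at startup, e.g. "mail" */
static gid_t user_gid;  /* real GID of the invoking user, e.g. "doe" */

/* Record both identities once, before any switching. */
void gid_init(void) { priv_gid = getegid(); user_gid = getgid(); }

/* Change the effective GID and confirm the kernel applied it. */
static int switch_egid(gid_t want)
{
    if (setegid(want) != 0)
        return -1;
    if (getegid() != want) { errno = EPERM; return -1; }
    return 0;
}

int gid_as_user(void) { return switch_egid(user_gid); }
int gid_as_priv(void) { return switch_egid(priv_gid); }

/* Open path with the user's group rights, then return to the set-GID group. */
int open_as_user(const char *path, int flags, mode_t mode)
{
    int fd, saved;
    if (gid_as_user() != 0)
        return -1;              /* never touch user files as group mail */
    fd = open(path, flags, mode);
    saved = errno;
    if (gid_as_priv() != 0) {   /* mailbox locking would fail later: give up */
        if (fd >= 0) close(fd);
        return -1;
    }
    errno = saved;              /* report the open() error, not the switch */
    return fd;
}

int main(void)
{
    gid_init();
    int fd = open_as_user("/", O_RDONLY, 0);   /* constructed sample path */
    printf("fd=%d egid=%ld\n", fd, (long)getegid());
    if (fd >= 0) close(fd);
    return 0;
}
```

When the binary is not installed set-GID, the real and effective GIDs are equal and both switches are no-ops that still succeed.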