rusty@GARNET.BERKELEY.EDU (04/28/89)
If I'm on a system where I don't have root access and I have my own copy of emacs and /usr/spool/mail is mode 0775 and I'm not in the group that it's owned by, then movemail bombs because it tries to create a lock file in /usr/spool/mail. If I #define MAIL_USE_FLOCK in movemail.c then movemail seems to work. Does anybody know if I run the chance of losing mail due to movemail using flock() when /bin/mail uses a lock file?
worley@EDDIE.MIT.EDU (Dale Worley) (05/04/89)
If I'm on a system where I don't have root access and I have my own copy of emacs and /usr/spool/mail is mode 0775 and I'm not in the group that it's owned by, then movemail bombs because it tries to create a lock file in /usr/spool/mail. Isn't the correct way to handle this to set movemail suid (or sgid) to the proper user/group? Dale
kjones@talos.UUCP (Kyle Jones) (05/08/89)
For those running systems that support the concept of sticky directories I recommend making your mail spool mode 1777. etc/movemail then need not be setuid or setgid.
carl@csli.Stanford.EDU (Carl Schaefer) (05/09/89)
In article <527@talos.UUCP> kjones@talos.UUCP (Kyle Jones) writes: >For those running systems that support the concept of sticky directories >I recommend making your mail spool mode 1777. etc/movemail then need >not be setuid or setgid. A world-writable /usr/spool/mail allows mischief of the form: badguy> touch /usr/spool/mail/goodguy badguy> chmod a+rw /usr/spool/mail/goodguy Mail delivered to goodguy is now accessible to anyone. Alternatively, badguy can cause mail to goodguy to bounce with 'chmod 0'. Sticky directories have their uses, but they don't provide adequate protection for a world-writable mail spool. Carl -- Carl Schaefer carl@csli.stanford.edu