fin@UF.MSC.UMN.EDU ("Craig Finseth") (12/30/88)
Hello, Richard, from a person out of your past...
I'm a happy user of GNU-Emacs out here in Minnesota and -- not
surprizingly -- also the maintainer.
Unfortunately, GNU-Emacs has received a reputation as being "unsecure"
because of a hole in movemail, which must run as set uid "root" (at
least on our systems).
Fortunately, the fix is very easy:
starting at line 138:
#ifdef MAIL_USE_FLOCK
if (access (inname, R_OK | W_OK) != 0) <NEW
pfatal_with_name (inname); <NEW
indesc = open (inname, O_RDWR);
#else /* if not MAIL_USE_FLOCK */
if (access (inname, R_OK) != 0) <NEW
pfatal_with_name (inname); <NEW
indesc = open (inname, O_RDONLY);
#endif /* not MAIL_USE_FLOCK */
starting at line 156, add these lines:
/* Should also check to ensure that, if outname is not present, its
directory is writeable to the real uid */
if (access (outname, F_OK) == 0 && access (outname, W_OK) != 0)
pfatal_with_name (outname);
and that's it. Keep up the good work.
Craig A. Finseth fin@msc.umn.edu [CAF13]
Minnesota Supercomputer Center, Inc. (612) 624-3375