[gnu.emacs.bug] security hole in movemail

orion@nuchat.UUCP (Roland Dunkerley) (10/15/88)

This is a bug report and patch for emacs 18.52 - this patch
is necessary on systems using the /usr/mail/username.lock
type of locking for mail.  The problem is as follows:  on such
systems movemail must be installed sgid mail (or suid postman,
but that one was out of the question) at any rate installing
movemail with write permissions to the mail directory gives
the user access to the mailbox of his choice. (actually this
is caused by group mail having rwx to the directory and rw-
for all the mailboxes, a similar problem occurs but smaller
in scope in this case if it is installed suid postman)
anyway the following patch calls access and aborts movemail
if the user couldn't normally access the file in question.
(an interesting thing the user could potentially do with
movemail pre-patched and sgid would be to install his own
version of one of the other sgid mail programs, check the
code, I think that would work)
anyway, enough of this - here's the patch

***************
*** 100,105 ****
--- 100,107 ----
  #ifndef MAIL_USE_FLOCK
    /* Use a lock file named /usr/spool/mail/$USER.lock:
       If it exists, the mail file is locked.  */
+   if(access(inname,06))
+     fatal ("no write permission to mailbox");
    lockname = concat (inname, ".lock", "");
    strcpy (tempname, inname);
    p = tempname + strlen (tempname);
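Review bot: the new access(inname,06) test sits inside the #ifndef MAIL_USE_FLOCK branch, so a build that defines MAIL_USE_FLOCK gets no check at all; if movemail can run with extra privilege in that configuration too, the test belongs above the #ifndef. The check is also made by path name, and lockname and tempname are built from the same inname afterwards, so the file the name refers to can change between the test and its use; opening the mailbox first and validating the opened descriptor, or dropping the extra group before the open, would close that window. Mode 06 tests both read and write while the message says only "no write permission"; wording it as read/write access and including inname would tell the user which path failed. Style: "if(access" wants a space before the parenthesis to match "fatal (" and "concat (" in the surrounding lines.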
----------------------------------------- cut here
   Roland Dunkerley III KSC
   (orion@nuchat.UUCP)
*** We service Publicly Redistributable software - reasonable rates
*** Inquire within