orion@nuchat.UUCP (Roland Dunkerley) (10/15/88)
This is a bug report and patch for emacs 18.52 - this patch is necessary on systems using the /usr/mail/username.lock type of locking for mail. The problem is as follows: on such systems movemail must be installed sgid mail (or suid postman, but that one was outof the quetion) at any rate installing movemail with write permissios to the mail directory gives the user access to the mailbox of his choice. (actually this is caused by group mail having rwx to the directory and rw- for all the mailboxes, a similar problem occurs but smaller in scope in this case if it is installed suid postman) anyway the following patch calls access and aborts movemail if the user couldn't normally access the file in question. (an interesting thing the user could potentially do with movemail pre-patched and sgid would be to install his own version of one of the other sgid mail programs, check the code, i think that would work) anyway, enough of this - here's the patch *************** *** 100,105 **** --- 100,107 ---- #ifndef MAIL_USE_FLOCK /* Use a lock file named /usr/spool/mail/$USER.lock: If it exists, the mail file is locked. */ + if(access(inname,06)) + fatal ("no write permission to mailbox"); lockname = concat (inname, ".lock", ""); strcpy (tempname, inname); p = tempname + strlen (tempname); ----------------------------------------- cut here Roland Dunkerley III KSC (orion@nuchat.UUCP) *** We service Publicly Redistributable software - reasonable rates *** Inquire within -- *** We service Publicly Redistributable software - reasonable rates *** Inquire within