mailing list archives
Re: Solaris /usr/bin/mailx exploit (SPARC)
From: Casper Dik <Casper.Dik () Sun COM>
Date: Thu, 17 May 2001 12:24:41 +0200
Indeed if you're going to go to all the trouble of pre-creating
mailboxes and ensuring that empty ones are left behind by all mail
reading agents then it's trivial to implement setgid-mail delivery on
even systems which don't allow ordinary users to use chown(2).
I.e. it's trivial, even on such systems, to avoid having to use root
privileges in any part of the local mail system!
Dependign on which loss of features you're willing to accept, it's
usually not practical to run mail delivery as a non-privileged user;
currently, we need to do deliver as superuser because of the
actual delivery runs as the destination user.
If you don't run delivery as the targeted user, you can have unrestricted
.forward files (those are a risk in themselves but tools like procmail
cannot easily be run under an unprivilegd accoutn on behalf of a user.
AS things stand today, there doesn't seem to be any reason to continue
the use of set-gid mail in Solaris, except that some code changes will be
necessary (or mailboxes will be created mode 660, group pwd->pw_gid