Vulnerability Development: Re: /usr/bin/Mail buffer 0verfl0w

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: /usr/bin/Mail buffer 0verfl0w

From: Maciek Pasternacki <maciekp () JAPHY FNORD ORG>
Date: Wed, 7 Mar 2001 08:10:31 +0100

Syzop pressed following keys:

Why is mail on some systems sgid?,
It looks like it's something with locking files, but why doesn't mail
to be sgid on other systems then?

AFAIK it has something to do with brain-dead idea of putting users' mail in
/var/spool/mail/login instead of /home/login/Mailbox (or, better, Maildir/).
To lock the file which is not in world-writeable directory, program has to be
setuid or setgid.

   Syzop.

                --jph

-- 
__ Maciek Pasternacki <maciekp () japhy fnord org> [ http://japhy.fnord.org/ ]
`| _   |_\  / *CENSORED* ( full version at http://japhy.fnord.org/sig.txt )
,|{-}|}| }\/  
\/   |____/

Attachment: _bin
Description:

By Date By Thread

Current thread:

Re: /usr/bin/Mail buffer 0verfl0w, (continued)
- Re: /usr/bin/Mail buffer 0verfl0w Markus (Mar 01)
- Re: /usr/bin/Mail buffer 0verfl0w Lukasz Kowalczyk (Mar 01)
- Re: /usr/bin/Mail buffer 0verfl0w K2 (Mar 01)
  - Re: /usr/bin/Mail buffer 0verfl0w BAILLEUX Christophe (Mar 02)
    - Re: /usr/bin/Mail buffer 0verfl0w Joe (Mar 02)