Casper Dik <[EMAIL PROTECTED]> writes:

> I'm not sure why all of the Solaris mail programs are actually set-gid 
> mail.
> 
> If you strip set-gid mail from /usr/bin/mail, /usr/bin/mailx, 
> /usr/SUNWale/bin/mailx, /usr/dt/bin/dtmail, /usr/dt/bin/dtmailpr,
> /usr/openwin/bin/mailtool nothing should break.
> 
> (At least not if your /var/mail directory has the standard 1777 permissions)
> 
> By forcing a file permission of 600 on mailboxes, group mail should not
> gain you anything.

Just how do you force 0600 on mailboxes which don't exist (many MUAs remove
empty mailboxes)?

Since you cannot easily do this, at the very least a malicious user should be
able to steal other users' mail. I think.

--
Andrew Hilborne
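
Added example, not part of the original message: a read-only audit of a 1777 mail spool for the condition discussed above, a mailbox file that is not owned by the user it is named for or that is not mode 0600. The function name `audit_spool` and its `uid_for` parameter are hypothetical.

```python
import os
import pwd
import stat


def audit_spool(spool_dir, uid_for=None):
    """Return (name, problem) findings for a mail spool directory.

    uid_for maps a mailbox file name to the uid that should own it. It
    defaults to a passwd lookup and is a parameter (an assumption of this
    example) so the check can be exercised without root.
    """
    if uid_for is None:
        def uid_for(name):
            try:
                return pwd.getpwnam(name).pw_uid
            except KeyError:
                return None

    findings = []
    dir_mode = stat.S_IMODE(os.lstat(spool_dir).st_mode)
    if dir_mode & stat.S_IWOTH and not dir_mode & stat.S_ISVTX:
        findings.append((".", "world-writable without sticky bit"))

    for name in sorted(os.listdir(spool_dir)):
        # lstat so a symlink planted in the spool is reported, not followed.
        st = os.lstat(os.path.join(spool_dir, name))
        if not stat.S_ISREG(st.st_mode):
            findings.append((name, "not a regular file"))
            continue
        if st.st_nlink != 1:
            findings.append((name, "has extra hard links"))
        expected = uid_for(name)
        if expected is None:
            findings.append((name, "no such user"))
        elif st.st_uid != expected:
            # The file was created by someone other than the mailbox user.
            findings.append(
                (name, "owned by uid %d, expected %d" % (st.st_uid, expected)))
        mode = stat.S_IMODE(st.st_mode)
        if mode & 0o077:
            findings.append((name, "mode %04o allows group/other access" % mode))
    return findings


if __name__ == "__main__":
    for name, problem in audit_spool("/var/mail"):
        print("%s: %s" % (name, problem))
```

Lock files and other non-mailbox entries in the spool are reported as "no such user" and need to be filtered by whoever reads the output.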
