Vulnerability Development mailing list archives

Re: redhat 6.1 mail]


From: jen () ETTNET SE (Joel Eriksson)
Date: Sun, 26 Mar 2000 22:30:00 +0200


I posted the below privately to Jan before; some people seem to have
misunderstood a few things (or I have), so I'm posting it to the list now.

About my guess that the problem is NFS-related, I have now verified
that it doesn't work (at least with kernel v2.2.13 and nfs-server-2.2beta44).
I strongly doubt that there exists any problem at all; Jan has probably
misinterpreted something. If he hasn't, then some more detailed examples
would be fine.

---

On Mon, Mar 20, 2000 at 02:32:30PM +0000, jan bakker wrote:
> hello fellow root's,
>
> one day i found that redhat 6.1 takes not only suid bits but also guid.
>
> you are owner of your mail file but it still belongs to the group mail
>
> so
>
> void(){
> set suid bit to user;
> set guid bit to 6;
> }

Just copying a shell would do fine.

> compile it and move it to
>
> /var/mail/user
> chmod 4700 /var/mail/user

That is not SGID permissions, just SUID. chmod 6700 would be better.

...

> result:
> reddog@home$id
> uid 300(me),gid 40(users)
> reddog@home$cd /var/mail
> reddog@home$me
> reddog@home$id
> uid(300),gid 6(mail)

A few years ago, I discovered that it was possible to get an SGID mail shell
on Linux systems by first setting the SGID bit and _then_ the (any) executable bit.
The Linux kernel only checked if the file's GID != user's GID when trying to set
the SGID bit if the file already was executable or if trying to set the executable
bit at the same time.

But, when I checked newer kernels it didn't work so I never bothered reporting it.

So either this is b-s, or some other circumstances are causing this. Hmm, is the
mail partition on NFS? (IIRC this was the case when I discovered this).

> now you can read other people mail but,
> 6 is lower than 15 so at some systems you can add new users !!!
> even a root user !!!

No. The only "special" UID/GID on a Unix system is UID 0. Higher / Lower doesn't
matter.

> red

--
Joel Eriksson
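
An added example, not part of the original post or anyone's code from this thread: a mailbox file under /var/mail never needs set-id or execute bits, so the states discussed above (chmod 4700 or 6700, or an SGID bit set before any executable bit) can be caught by an audit like this one. The function names and the constructed sample spool are assumptions made for the illustration.

```python
import os
import stat
import tempfile


def classify_mode(mode):
    """Return the reasons a mailbox file's mode is suspicious (empty list if none)."""
    findings = []
    if not stat.S_ISREG(mode):
        return findings  # only regular files are audited as mailboxes
    if mode & stat.S_ISUID:
        findings.append("setuid")
    if mode & stat.S_ISGID:
        # Flagged even without an exec bit: that is the "SGID first,
        # executable bit later" ordering described in the message above.
        findings.append("setgid")
    if mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        findings.append("executable")
    return findings


def audit_spool(spool_dir):
    """Map each flagged file name in spool_dir to (findings, uid, gid)."""
    report = {}
    with os.scandir(spool_dir) as entries:
        for entry in entries:
            st = entry.stat(follow_symlinks=False)
            findings = classify_mode(st.st_mode)
            if findings:
                report[entry.name] = (findings, st.st_uid, st.st_gid)
    return report


def demo():
    """Audit a constructed spool holding one normal and one chmod 4700 mailbox."""
    with tempfile.TemporaryDirectory() as spool:
        for name, mode in (("alice", 0o600), ("me", 0o4700)):
            path = os.path.join(spool, name)
            with open(path, "w") as fh:
                fh.write("constructed sample mailbox\n")
            os.chmod(path, mode)
        return audit_spool(spool)


if __name__ == "__main__":
    for name, (findings, uid, gid) in sorted(demo().items()):
        print(f"{name}: {','.join(findings)} uid={uid} gid={gid}")
```

On a real host, call audit_spool("/var/mail") and compare the reported gid with the mail group's gid.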


