Bugtraq mailing list archives

Re: [BUG] Vulnerability in PINE (fwd)


From: MRC () CAC Washington EDU (Mark Crispin)
Date: Wed, 28 Aug 1996 17:04:06 -0700


With regard to the question/comment:

> If the author of PINE took the time to add file checking to PINE, I don't
> know why he didn't just make the mode of the file 600.

The reason why the file is mode 666 is because of the case of shared folders
(tenex format and friends) and "kiss of death" functionality (UNIX mbox format
and MMDF format).  The lock needs to be accessible by processes which may be
logged in as another user name.

> On the other hand, because the mailbox is opened read only, I can see this
> as a lower level denial of service attack, if you even want to call it that.
> Most Joe Schmoe users wouldn't know why they were getting that error, and
> would be annoyed by the fact that they can get incoming email, but wouldn't
> be able to delete any email.

This is true, but between syslog() and other means, it is usually quite simple
to track down the bad guy and take administrative action.  Sometimes, a
tradeoff has to be made between perfect technical security and what is most
functional for the user community, and often the dividing line is between what
causes damage (or invades privacy) vs. what is merely annoying.

Given that it's easy to crash almost any Unix system (I have several little
programs that will take down most systems, don't you?), a site needs to have
administrative measures to deal with anti-social behavior.


