Re: Solaris /usr/bin/mailx exploit (SPARC)

[Johann Klasek <bugtraq () auto tuwien ac at>]

On Mon, May 14, 2001 at 10:24:10AM +0200, Casper Dik wrote:
> I'm not sure why all of the Solaris mail programs are actually set-gid 
> mail.
>
> If you strip set-gid mail from /usr/bin/mail,, /usr/bin/mailx, 
> /usr/SUNWale/bin/mailx, /usr/dt/bin/dtmail, /usr/dt/bin/dtmailpr,
> /usr/openwin/bin/mailtool nothing should break.
>
> (At least not if you /var/mail directory has the standard 1777 permissions)
>
>
> By forcing a file permission of 600 on mailboxes, group mail should not
> gain you anything.

To correct slightly the picture of a set-gid mail environment: 

set-gid has nothing to do with writing the inbox. It was in old days
(without todays 1000 permission) the only method to allow mail clients
the creation of .lock files and the inbox file itself in
/var/spool/mail. It was never necessary to let the inbox writeable for
group "mail" (of course, probably not true in very old System 7
environments). Therefore, a 600 permission does NOT implicate an
unnecessary group mail setup. The delivery into a mailbox is
accomplished with user (inbox owner) permission (derived from the set-
uid root MTA).

J.K.


-- 
Johann E. Klasek   Central Technology Services, Dept. Communication
Vienna University of Technology              Tel: +43 1 58801-42049
<a href="http://pgpkeys.tuwien.ac.at:11371/";> PGP Key  jklasek </a>