Bugtraq mailing list archives
Re: Solaris /usr/bin/mailx exploit (SPARC)
From: Johann Klasek <bugtraq () auto tuwien ac at>
Date: Tue, 15 May 2001 13:46:23 +0200
On Mon, May 14, 2001 at 10:24:10AM +0200, Casper Dik wrote:

> I'm not sure why all of the Solaris mail programs are actually set-gid mail. If you strip set-gid mail from /usr/bin/mail, /usr/bin/mailx, /usr/SUNWale/bin/mailx, /usr/dt/bin/dtmail, /usr/dt/bin/dtmailpr, /usr/openwin/bin/mailtool nothing should break. (At least not if your /var/mail directory has the standard 1777 permissions.) By forcing a file permission of 600 on mailboxes, group mail should not gain you anything.
To correct slightly the picture of a set-gid mail environment: set-gid has nothing to do with writing the inbox. It was in old days (without today's 1000 permission) the only method to allow mail clients the creation of .lock files and the inbox file itself in /var/spool/mail. It was never necessary to let the inbox be writable for group "mail" (of course, probably not true in very old System 7 environments). Therefore, a 600 permission does NOT implicate an unnecessary group mail setup. The delivery into a mailbox is accomplished with user (inbox owner) permission (derived from the set-uid root MTA).

J.K.

--
Johann E. Klasek
Central Technology Services, Dept. Communication
Vienna University of Technology
Tel: +43 1 58801-42049
PGP Key jklasek: http://pgpkeys.tuwien.ac.at:11371/
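As an added illustration (not part of the thread or of any Solaris tool), the following Python audit checks the three properties the two posts discuss: whether a mail client still carries the set-gid bit, whether the spool directory is mode 1777 (sticky, world-writable) so clients can create their own inbox and lock files, and whether each inbox is mode 600 so group "mail" gains nothing. The layout it inspects is a constructed toy tree under a temporary directory, not a real /var/mail.

```python
import os
import stat
import tempfile

# Clients the thread names as shipping set-gid mail on Solaris.
SOLARIS_MAIL_CLIENTS = [
    "/usr/bin/mail", "/usr/bin/mailx", "/usr/SUNWale/bin/mailx",
    "/usr/dt/bin/dtmail", "/usr/dt/bin/dtmailpr", "/usr/openwin/bin/mailtool",
]

def is_setgid(path):
    """True if the executable carries the set-gid bit (whatever its group)."""
    return bool(os.stat(path).st_mode & stat.S_ISGID)

def spool_dir_ok(path):
    """Spool dir should be a directory with mode exactly 1777 (sticky + rwx for all)."""
    st = os.stat(path)
    return stat.S_ISDIR(st.st_mode) and stat.S_IMODE(st.st_mode) == 0o1777

def inbox_ok(path):
    """An inbox should be a regular file with mode 600: owner only, no group access."""
    st = os.stat(path)
    return stat.S_ISREG(st.st_mode) and stat.S_IMODE(st.st_mode) == 0o600

def audit(clients, spool, inboxes):
    """Return one finding string per deviation; an empty list means all checks pass."""
    findings = []
    for c in clients:
        if os.path.exists(c) and is_setgid(c):
            findings.append(f"{c}: set-gid bit set (candidate for removal)")
    if not spool_dir_ok(spool):
        findings.append(f"{spool}: mode is not 1777")
    findings += [f"{f}: mode is not 600" for f in inboxes if not inbox_ok(f)]
    return findings

def build_sample_layout(base):
    """Constructed sample (hypothetical paths): a 1777 spool holding one correct
    inbox (600) and one group-readable inbox (660), plus a set-gid 'mailx' binary."""
    spool = os.path.join(base, "var_mail")
    os.mkdir(spool); os.chmod(spool, 0o1777)
    good, bad = os.path.join(spool, "alice"), os.path.join(spool, "bob")
    client = os.path.join(base, "mailx")
    for p, mode in ((good, 0o600), (bad, 0o660), (client, 0o2555)):
        open(p, "w").close(); os.chmod(p, mode)
    return spool, [good, bad], [client]

def run_demo():
    """Audit the constructed layout; paths are rewritten to '<base>/...' for stable output."""
    with tempfile.TemporaryDirectory() as base:
        spool, inboxes, clients = build_sample_layout(base)
        return [f.replace(base, "<base>") for f in audit(clients, spool, inboxes)]

if __name__ == "__main__":
    for line in run_demo() or ["no findings"]:
        print(line)
```

On a real host, pass `SOLARIS_MAIL_CLIENTS`, `/var/mail` and the files inside it to `audit()` instead of the toy layout.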