Vulnerability Development mailing list archives

Re: redhat 6.1 mail


From: lcamtuf () DIONE IDS PL (Michal Zalewski)
Date: Fri, 24 Mar 2000 11:03:48 +0100


One day I found that redhat 6.1 takes not only suid bits but also guid.
You are owner of your mail file but it still belongs to the group mail

/var/mail/user

Maybe talking about other RH6.1?;>

[root@forwarder spool]# ls -ld /var/spool/mail
drwxrwxr-x   2 root     mail         4096 Mar 24 01:01 /var/spool/mail
[root@forwarder spool]# cat /etc/redhat-release
Red Hat Linux release 6.1 (Cartman)

chmod 4700 /var/mail/user

Even if so, you have to set setgid bit! You've set only setuid, while
you're the owner... AND even if so, I haven't seen /var/spool/mail setuid
or setgid anywhere - sometimes it is world writable, but with STICKY
(+t) bit set. AND again, even if so, standard Linux semantics won't allow
you to set sgid bit for file if you don't belong to specific group. SO:

[nobody@forwarder /]$ ls -ld /DUPA
drwxrwsrwx   2 root     root         4096 Mar 24 10:58 /DUPA
[nobody@forwarder /]$ cat /usr/bin/id >/DUPA/id
[nobody@forwarder /]$ chmod 2755 /DUPA/id
[nobody@forwarder /]$ ls -l /DUPA/id
-rwxr-xr-x   1 nobody   root        10168 Mar 24 10:59 /DUPA/id
[nobody@forwarder /]$ /DUPA/id
uid=99(nobody) gid=99(nobody) groups=99(nobody)

This mail sucks.

_______________________________________________________
Michal Zalewski * [lcamtuf () ags pl] <=> [AGS WAN SYSADM]
[dione.ids.pl SYSADM] <-> [http://lcamtuf.na.export.pl]
[+48 22 551 45 93] [+48 603 110 160] bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=
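
An added example, not part of the original message: a small Python model of the chmod rule the /DUPA transcript demonstrates, where an unprivileged owner who is not a member of the file's group has the setgid bit silently dropped. The `Caller` class and the function names are hypothetical, and the `privileged` flag is an assumption standing in for root.

```python
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class Caller:
    uid: int
    groups: frozenset          # primary and supplementary gids
    privileged: bool = False   # assumption: stands in for root


def new_file_gid(dir_mode, dir_gid, creator_gid):
    """A file created in a setgid directory inherits the directory's group."""
    return dir_gid if dir_mode & stat.S_ISGID else creator_gid


def chmod_result(caller, file_uid, file_gid, requested):
    """Permission bits Linux stores when `caller` runs chmod on a regular file."""
    if caller.uid != file_uid and not caller.privileged:
        raise PermissionError("EPERM: only the owner may chmod")
    mode = requested & 0o7777
    # The request does not fail: setgid is silently cleared when the caller
    # is not a member of the file's group.
    if file_gid not in caller.groups and not caller.privileged:
        mode &= ~stat.S_ISGID
    return mode


def as_ls(mode):
    """Render permission bits the way `ls -l` shows them for a regular file."""
    return stat.filemode(stat.S_IFREG | mode)


def replay_dupa():
    """Replay the transcript: nobody (uid 99, gid 99) in root:root drwxrwsrwx /DUPA."""
    nobody = Caller(uid=99, groups=frozenset({99}))
    gid = new_file_gid(0o2777, dir_gid=0, creator_gid=99)
    return gid, as_ls(chmod_result(nobody, 99, gid, 0o2755))


if __name__ == "__main__":
    print(replay_dupa())                       # file group and resulting ls string
    member = Caller(uid=500, groups=frozenset({500, 0}))   # constructed user
    print(as_ls(chmod_result(member, 500, 0, 0o2755)))
```

The replay yields the same `-rwxr-xr-x` that `ls -l /DUPA/id` shows in the message, which is why `/DUPA/id` still reports gid 99.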

