Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!linus!philabs!seismo!hao!hplabs!sri-unix!alt@aids-unix
From: alt%aids-unix@sri-unix.UUCP
Newsgroups: net.unix-wizards
Subject: Mail security.
Message-ID: <2003@sri-arpa.UUCP>
Date: Fri, 10-Jun-83 05:23:00 EDT
Article-I.D.: sri-arpa.2003
Posted: Fri Jun 10 05:23:00 1983
Date-Received: Sun, 12-Jun-83 06:04:57 EDT
Lines: 46

From: Howard Alt

Let's face it, mail on Unix wasn't meant to be secure. The options people have offered so far are:

1) set /etc/delivermail suid root.
2) set /bin/mail suid root.
3) set (one or the other I don't recall) sgid a mail group.

All this discussion has to do with keeping others from perusing your mail. This means that you want the mail files to be some mode that keeps others from reading your mail. The problem seems to be that they need to write into your mail file. So, how about mode 622? This allows anyone to write your mail file, and no one but you and root to read it.

All of the previous ideas were based on having the file mode 0600, and in fact, all of the previous ideas would work just fine. All you would have to do is change /bin/mail so that it 1) makes the file mode 600, and 2) makes the owner of the file the person who is receiving it.

I had started writing earlier, and I was going to claim that /bin/mail was an insecure program because you can do shell escapes, and write files. I was wrong. I decided to test it, and it does the setuid(getuid()) bit where it has to. So, in reality, it makes no difference if you put the setuid bit on delivermail or binmail.

I hope that someone could please tell me why delivermail is an insecure program. I can't see how it can be made to do anything but deliver mail. Since it calls binmail to actually put the mail into the mail spool directory, I don't see any problems. In fact, it seems that delivermail should be the suid one. That way whatever mailer you use, it will be called by root, and you can protect your Top Secret mail.

This brings up another point. If you have mail that you don't want people to read, why not send it with secret mail? In the past, every instance that I have seen of problems occurring because of mail poking, it has been someone who could have become root and done exactly the same thing.

But, be of good cheer folks, we haven't long to wait before this whole thing gets rehashed again for the new mailsystem Sendmail. In fact, sendmail is nice. It works very well from what I have used of it. Ha, ha. Just when you thought you had delivermail figured out, here comes a new, fancy, sexy mailer with IPC and everything... What Fun!

Cheers,
Howard.