Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10 6/7/83; site hao.UUCP
Path: utzoo!linus!genrad!mit-eddi!mit-vax!eagle!harpo!seismo!hao!pag
From: pag@hao.UUCP
Newsgroups: net.unix-wizards
Subject: Re: /bin/mail
Message-ID: <532@hao.UUCP>
Date: Thu, 9-Jun-83 12:45:42 EDT
Article-I.D.: hao.532
Posted: Thu Jun 9 12:45:42 1983
Date-Received: Fri, 10-Jun-83 11:32:37 EDT
References: <1928@sri-arpa.UUCP>
Organization: High Altitude Obs./NCAR, Boulder CO
Lines: 15

Tim Mann complained about security gaps in having /bin/mail setuid
root. He proposed the following:

    The only safe (?) way I know of to set things up is to create a
    special "mail" group, make /bin/mail setgid to this group, and
    arrange for the mail spool directory and mail files to be
    group-writeable.

It seems this opens a new can of worms. If /bin/mail is setgid instead
of setuid, then all mail reading programs must be changed to not delete
empty mailboxes. This is because new mailboxes would then be created
owned by the sender (that old bugaboo), and you wouldn't be able to
delete your own mail (unless all mail reading programs were also setgid).

--peter
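
The following is an added example, not part of the original post: a small Python model of the classic owner/group/other permission check, applied to the setgid scenario discussed above. The user names (alice, bob), the "users" group, the spool directory mode 0775 owned by root:mail, and the mailbox mode 0660 are assumptions made for illustration.

```python
from dataclasses import dataclass

R, W, X = 4, 2, 1

@dataclass
class Node:                 # a file or directory
    uid: str
    gid: str
    mode: int               # classic 9 permission bits, e.g. 0o660

@dataclass
class Proc:
    euid: str
    egid: str               # a setgid program runs with its file's group here

def allowed(p, n, want):
    """Classic Unix check: exactly one of the owner/group/other triplets applies."""
    if p.euid == "root":
        return True
    if p.euid == n.uid:
        bits = n.mode >> 6
    elif p.egid == n.gid:
        bits = n.mode >> 3
    else:
        bits = n.mode
    return (bits & 7 & want) == want

def can_unlink(p, directory):
    # Removing a name needs write+search on the directory, not on the file.
    return allowed(p, directory, W | X)

def deliver(mailer, spool):
    """setgid-mail delivery creating a new mailbox: the owner is the sender."""
    if not allowed(mailer, spool, W | X):
        raise PermissionError("cannot create mailbox in spool")
    return Node(uid=mailer.euid, gid="mail", mode=0o660)   # assumed mode

def scenario():
    spool = Node("root", "mail", 0o775)                    # assumed layout
    box = deliver(Proc("alice", "mail"), spool)            # alice mails bob; bob had no mailbox
    plain, setgid = Proc("bob", "users"), Proc("bob", "mail")
    return {
        "owner": box.uid,
        "sender_can_read": allowed(Proc("alice", "users"), box, R),
        "plain_reader_unlink": can_unlink(plain, spool),
        "plain_reader_write": allowed(plain, box, W),
        "setgid_reader_unlink": can_unlink(setgid, spool),
        "setgid_reader_write": allowed(setgid, box, W),
    }

if __name__ == "__main__":
    for check, result in scenario().items():
        print(f"{check}: {result}")
```
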