Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10 5/3/83; site qubix.UUCP Path: utzoo!linus!cca!decvax!decwrl!qubix!msc From: msc@qubix.UUCP Newsgroups: net.unix-wizards Subject: Re: /bin/mail Message-ID: <314@qubix.UUCP> Date: Fri, 10-Jun-83 11:07:19 EDT Article-I.D.: qubix.314 Posted: Fri Jun 10 11:07:19 1983 Date-Received: Sat, 11-Jun-83 12:05:51 EDT References: <1928@sri-arpa.UUCP> Organization: Qubix Graphic Systems, Saratoga, CA Lines: 12 It is true that /bin/mail allows you to write to files but there is no security hole. I run our /bin/mail suid root. It will not, however let you write to files owned by root or anyone else. Obviously someone thought of this and the program sets itself to its real user ID before trying to write to files. -- Mark ...{decvax,ucbvax}!decwrl!qubix!msc ...{ittvax,amd70}!qubix!msc decwrl!qubix!msc@Berkeley.ARPA