Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10 5/3/83; site watmath.UUCP
Path: utzoo!watmath!bstempleton
From: bstempleton@watmath.UUCP (Brad Templeton)
Newsgroups: net.unix-wizards
Subject: Re: Mail security
Message-ID: <5392@watmath.UUCP>
Date: Mon, 13-Jun-83 03:46:00 EDT
Article-I.D.: watmath.5392
Posted: Mon Jun 13 03:46:00 1983
Date-Received: Mon, 13-Jun-83 04:46:28 EDT
References: <2017@sri-arpa.UUCP>
Organization: U of Waterloo, Ontario
Lines: 23

Come on, guys.  Mail security is not hard at all.
First of all, ignore that /bin/mail calls delivermail calls /bin/mail -d
This is a kludge of a high order, although not hard to get around, since
you just have to split the two programs.

Delivermail gets no powers.  You give the delivery programs the power.
This includes something like /bin/mail -d and uux (on our system uucp is
secure) etc.

Now, if you leave /usr/spool/mail writable so mailers can release
mailboxes, you are of course leaving lots of holes.  If, however, you
secure it and write a small utility suid to the owner of /usr/spool/mail
that will release the mailbox of getuid() then mailers can call this.
Voila, you are secure.

There is no need to have group permissions or anything else as I
see it.   Mind you, why not put the mailbox in the user's directory
(perhaps in a system-files directory if we can ever get one going)
and avoid any problems you imagine.

-- 
	Brad Templeton - Waterloo, Ont. (519) 886-7304
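The "small utility suid to the owner of /usr/spool/mail that will release the mailbox of getuid()" is the interesting design point in the post, so here is one way it could look. This is an added illustration, not code from the post or from any 1983 mailer. It assumes a lock-file convention the post never states: a delivery agent locks /usr/spool/mail/<user> by creating /usr/spool/mail/<user>.lock, the helper is installed owned by the spool owner with mode 4711, and the spool directory itself is not writable by ordinary users. The names SPOOL_DIR, MAX_LOGIN, valid_login, lock_path, release_lock and the file name unlockmail.c are all hypothetical.

```c
/* unlockmail.c -- hypothetical setuid helper that releases the caller's
 * own mailbox lock and nothing else (added example, not the post's code).
 *
 * Assumptions not stated in the post: locks are plain files named
 * <spool>/<user>.lock; this binary is installed owned by the spool owner
 * with mode 4711; /usr/spool/mail is not writable by ordinary users. */
#define _XOPEN_SOURCE 700
#include <ctype.h>
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define SPOOL_DIR "/usr/spool/mail"   /* assumed spool location */
#define MAX_LOGIN 32                  /* assumed login-name limit */

/* A login name may be spliced into a path only if it is short, made of
 * [A-Za-z0-9_.-], and does not start with '.' or '-'.  Slashes, "..",
 * and the empty string are refused here rather than trusted. */
int valid_login(const char *name)
{
    size_t len;
    if (name == NULL || *name == '\0' || *name == '.' || *name == '-')
        return 0;
    len = strlen(name);
    if (len > MAX_LOGIN)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '_' && c != '.' && c != '-')
            return 0;
    }
    return 1;
}

/* Build "<spool>/<name>.lock" into buf.  Returns 0, or -1 on a bad
 * name or a path that does not fit. */
int lock_path(const char *spool, const char *name, char *buf, size_t buflen)
{
    int n;
    if (!valid_login(name))
        return -1;
    n = snprintf(buf, buflen, "%s/%s.lock", spool, name);
    if (n < 0 || (size_t)n >= buflen)
        return -1;
    return 0;
}

/* Remove the lock for `name` under `spool`.
 * Returns 0 if a lock was removed, 1 if none was present, -1 on error
 * (bad name, not a plain file, unlink failure). */
int release_lock(const char *spool, const char *name)
{
    char path[1024];
    struct stat st;

    if (lock_path(spool, name, path, sizeof path) < 0)
        return -1;
    if (lstat(path, &st) < 0)
        return errno == ENOENT ? 1 : -1;
    /* Only ever unlink a plain file.  The lstat/unlink gap is not a
     * usable race under the post's premise: ordinary users cannot
     * create entries in the spool directory in the first place. */
    if (!S_ISREG(st.st_mode))
        return -1;
    if (unlink(path) < 0)
        return -1;
    return 0;
}

int main(void)
{
    /* The whole point: the mailbox is chosen by getuid(), never by an
     * argument, so a caller can release only its own lock no matter
     * what it passes on the command line. */
    struct passwd *pw = getpwuid(getuid());
    int r;

    if (pw == NULL) {
        fprintf(stderr, "unlockmail: no passwd entry for uid %ld\n",
                (long)getuid());
        return 2;
    }
    r = release_lock(SPOOL_DIR, pw->pw_name);
    if (r < 0) {
        fprintf(stderr, "unlockmail: cannot release lock for %s: %s\n",
                pw->pw_name, strerror(errno));
        return 1;
    }
    return 0;
}
```

A user's mail reader then runs this helper instead of needing write permission on the spool directory, which is exactly the separation the post argues for: the directory stays locked down, and the only privileged operation any user can reach is "unlock the mailbox that belongs to my uid".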