Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10 6/7/83; site hao.UUCP
Path: utzoo!linus!genrad!mit-eddi!mit-vax!eagle!harpo!seismo!hao!pag
From: pag@hao.UUCP
Newsgroups: net.unix-wizards
Subject: Re: /bin/mail
Message-ID: <532@hao.UUCP>
Date: Thu, 9-Jun-83 12:45:42 EDT
Article-I.D.: hao.532
Posted: Thu Jun  9 12:45:42 1983
Date-Received: Fri, 10-Jun-83 11:32:37 EDT
References: <1928@sri-arpa.UUCP>
Organization: High Altitude Obs./NCAR, Boulder CO
Lines: 15

Tim Mann complained about security gaps in having /bin/mail setuid
root.  He proposed the following:

    The only safe (?) way I know of to set things up is to create
    a special "mail" group, make /bin/mail setgid to this group,
    and arrange for the mail spool directory and mail files to be
    group-writeable.

It seems this opens a new can of worms.  If /bin/mail is setgid instead
of setuid, then all mail reading programs must be changed to not delete
empty mailboxes.  This is because new mailboxes would then be created owned
by the sender (that old bugaboo), and you wouldn't be able to delete your
own mail (unless all mail reading programs were also setgid).

--peter
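
Added example, not part of the original post: a simplified Python model of the classic Unix owner/group/other permission check, showing who ends up owning a newly created mailbox under setuid-root versus setgid-mail delivery, and who can then empty it. The uids, gids, modes and the rule that a new file takes the spool directory's group are constructed assumptions for illustration.

```python
from dataclasses import dataclass

R, W, X = 4, 2, 1
MAIL_GID, USERS_GID = 6, 100       # constructed group ids
SENDER, RECIPIENT = 1001, 1002     # constructed user ids

@dataclass
class Cred:
    uid: int    # effective uid of the running program
    gid: int    # effective gid (MAIL_GID when the program is setgid mail)

@dataclass
class Node:
    uid: int    # owner
    gid: int    # group
    mode: int   # permission bits, e.g. 0o660

def allowed(cred, node, want):
    """Classic Unix check: root bypasses it, otherwise exactly one class applies."""
    if cred.uid == 0:
        return True
    if cred.uid == node.uid:
        shift = 6                  # owner bits
    elif cred.gid == node.gid:
        shift = 3                  # group bits
    else:
        shift = 0                  # other bits
    return ((node.mode >> shift) & want) == want

def deliver(cred, spool, box=None):
    """Deliver one message for RECIPIENT; return the mailbox node afterwards."""
    if box is not None:            # mailbox already exists: append to it
        if not allowed(cred, box, W):
            raise PermissionError("cannot append to mailbox")
        return box
    if not allowed(cred, spool, W | X):   # creating needs write+search on the spool
        raise PermissionError("cannot create mailbox in spool")
    # A new file is owned by the creator's effective uid; only root can chown it.
    owner = RECIPIENT if cred.uid == 0 else cred.uid
    return Node(owner, spool.gid, 0o660)  # assumed: group taken from the directory

def can_empty(reader, box):
    """Can this mail reader rewrite or truncate the mailbox to remove read mail?"""
    return allowed(reader, box, W)

SPOOL = Node(0, MAIL_GID, 0o775)          # constructed: group-writable spool directory
SETUID_ROOT_MAIL = Cred(0, USERS_GID)     # /bin/mail setuid root, run by the sender
SETGID_MAIL = Cred(SENDER, MAIL_GID)      # /bin/mail setgid mail, run by the sender
PLAIN_READER = Cred(RECIPIENT, USERS_GID) # recipient's mail reader, no special bits
SETGID_READER = Cred(RECIPIENT, MAIL_GID) # recipient's mail reader, setgid mail
```

In this model a mailbox that already exists and is owned by the recipient stays usable under setgid delivery, which is why the reader must leave empty mailboxes in place rather than unlink them.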