Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10 5/3/83; site qubix.UUCP
Path: utzoo!linus!cca!decvax!decwrl!qubix!msc
From: msc@qubix.UUCP
Newsgroups: net.unix-wizards
Subject: Re: /bin/mail
Message-ID: <314@qubix.UUCP>
Date: Fri, 10-Jun-83 11:07:19 EDT
Article-I.D.: qubix.314
Posted: Fri Jun 10 11:07:19 1983
Date-Received: Sat, 11-Jun-83 12:05:51 EDT
References: <1928@sri-arpa.UUCP>
Organization: Qubix Graphic Systems, Saratoga, CA
Lines: 12


	It is true that /bin/mail allows you to write to files but there
	is no security hole.  I run our /bin/mail suid root.  It will
	not, however let you write to files owned by root or anyone else.

	Obviously someone thought of this and the program sets itself to
	its real user ID before trying to write to files.
-- 
	Mark
	...{decvax,ucbvax}!decwrl!qubix!msc
	...{ittvax,amd70}!qubix!msc
	decwrl!qubix!msc@Berkeley.ARPA