Newsgroups: comp.unix.wizards
Path: utzoo!lsuc!dave
From: dave@lsuc.uucp (David Sherman)
Subject: Re: /bin/mail mailing to files
Reply-To: dave@lsuc.UUCP (David Sherman)
Date: Sun, 3-Jan-88 20:26:09 EST
Summary: dangerous to let a setUID program mail to a file
Message-ID: <1988Jan3.202611.706@lsuc.uucp>
References: <10906@brl-adm.ARPA>
Organization: Law Society of Upper Canada, Toronto

In article <10906@brl-adm.ARPA> jlunny@nswc-g.arpa writes:
>
>i'm trying to use /bin/mail to mail a letter to a local file and
>obviously i am not having much luck.  both ucbmail and binmail pass
>their requests to sendmail, which in turn sends it to its local
>mailer, and on my system it is binmail.  
>
>i know ucbmail will mail letters to local files because ucbmail will
>do the actual write operation itself if the recipient is a file and
>not exec sendmail, unlike binmail which does pass the request to
>sendmail if the recipient is a file.
>
>i have looked at the source of sendmail and don't see how it is
>possible to mail letters to files if sendmail is in the loop.  would
>somebody please tell me how/if it is possible?

UCB Mail can write to a file because it's non-setUID, leaving
the actual delivery of mail (to others' mailboxes) to /bin/mail
or some other real mailer.  Once you're into a sequence involving
setUID programs, you can't allow mailing to files unless the
programs have all kinds of careful checking about ownership
and permissions. (Consider what would happen if you could mail
the line "trojan::0::/:" to /etc/passwd.)

David Sherman
The Law Society of Upper Canada
-- 
{ uunet!mnetor  pyramid!utai  decvax!utcsri  ihnp4!utzoo } !lsuc!dave
Pronounce it ell-ess-you-see, please...
