[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Pine and the mail spool

Subject: [ale] Pine and the mail spool
From: hackrat at psiu.ml.org (Hat)
Date: Fri, 2 Oct 1998 19:55:19 -0400 (EDT)

On Fri, 2 Oct 1998, ari wrote:

> make pine setgid-mail
> 
> chgrp mail pine (or chown root.mail pine)
> chmod 2755 pine (or 2711, doesn't matter)

That allows you to use pine to look at anyone's 
e-mail! You put a symlink to anyone's inbox in your
~/mail directory, and list folders.

That doesn't make the message go away and it allows people
to use pine to do things they shouldn't be able to do.

Nor does is explain why the permissions below leave something
vunerable.......

> > I used to have it the permissions/ownerships
> > 
> > drwxrwxr-x   2 root     mail
> > 
> > What is wrong with this and what makes this vunerable???

This is what I'm really wondering about! 

-Hat

Prev by Date: [ale] Pine and the mail spool
Next by Date: [ale] Cdrom that isn't?
Previous by thread: [ale] Pine and the mail spool
Next by thread: [ale] Pine and the mail spool
Index(es):
- Date
- Thread