/var/spool/mail vulnerability

Post by Roman Golle » Fri, 18 Nov 1994 02:39:22



Someone pointed out that adduser makes user mail files group
read/writeable. Although the group itself is group mail, the inherent
problem is that when I do the following:

(BASH)
export MAIL="/var/spool/mail/<otherusername>"

or
(TCSH)
setenv MAIL /var/spool/mail/<otherusername>

I can read/modify the other user's mail file at my leisure. Is there really
any point for making the files group read/writeable?
And why does adduser not default to chmod 700 when making directories in
home?

Roman

--
Take your dying with some seriousness, however.  Laughing on the way to
your execution is not generally understood by less advanced life forms,
and they'll call you crazy.
               --"Messiah's Handbook: Reminders for the Advanced Soul"

 
 
 

Post by Damien P. Ne » Fri, 18 Nov 1994 03:45:33




>I can read/modify the other user's mail file at my leisure. Is there really
>any point for making the files group read/writeable?

Have you actually tried this?  Here's a sample transcript from my system:

b63519:~$ whoami
damien
b63519:~$ ls -l /var/spool/mail
total 62
-rw-rw----   1 cwf      mail         6196 Nov 15 14:15 cwf
-rw-rw----   1 damien   mail         4651 Nov 15 13:55 damien
-rw-rw----   1 jacob    mail            0 Oct 19 19:11 jacob
-rw-rw----   1 jer      mail        48704 Nov 16 08:59 jer
-rw-rw----   1 webmastr mail          566 Oct 22 16:35 webmastr
-rw-rw----   1 wes      mail            0 Nov 13 11:58 wes
b63519:~$ export MAIL=/var/spool/mail/cwf
b63519:~$ elm
Can't open folder '/var/spool/mail/cwf' for reading!

>And why does adduser not default to chmod 700 when making directories in
>home?

755 is the default permission on home directories on most UN*X systems that
I have seen.  If a user wants to make her home directory more secure, a
simple chmod will fix it.

If you prefer to create home directories as 700, I would assume that
changing adduser should be trivial.

              - Damien

 
 
 

Post by Roman Golle » Fri, 18 Nov 1994 06:06:29



: b63519:~$ whoami
: damien
: b63519:~$ ls -l /var/spool/mail
: total 62
: -rw-rw----   1 cwf      mail         6196 Nov 15 14:15 cwf
: -rw-rw----   1 damien   mail         4651 Nov 15 13:55 damien
: -rw-rw----   1 jacob    mail            0 Oct 19 19:11 jacob
: -rw-rw----   1 jer      mail        48704 Nov 16 08:59 jer
: -rw-rw----   1 webmastr mail          566 Oct 22 16:35 webmastr
: -rw-rw----   1 wes      mail            0 Nov 13 11:58 wes
: b63519:~$ export MAIL=/var/spool/mail/cwf
: b63519:~$ elm
: Can't open folder '/var/spool/mail/cwf' for reading!

I found out what the problem was. Tar did not keep the "s" in the dir
permissions intact (I recently repartitioned.). Sorry about the false alarm.

Roman

PS: I still see no reason for the chmod 660 on the mail files however.
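
An added example, not written by any poster in this thread: a shell audit for the two conditions the posts above turn on, mailboxes that match the `ls -l` listing (owned by the user they are named after, group-owned, closed to "other") and special permission bits such as the "s" that did not survive the restore. It assumes GNU `stat` and `find`; the function names and the manifest file are hypothetical.

```shell
#!/bin/sh
# Added example; assumes GNU stat/find. Function names are hypothetical.

# audit_spool DIR GROUP: one finding per line, nothing if all is well.
# A mailbox passes when it is owned by the user it is named after,
# has group GROUP, and grants no access to "other".
audit_spool() {
    dir=$1 want_group=$2
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        set -- $(stat -c '%a %U %G' "$f")
        mode=$1 owner=$2 group=$3
        case $mode in
            *0) ;;                              # last octal digit = "other"
            *)  echo "WORLD $name $mode" ;;
        esac
        [ "$owner" = "$name" ] || echo "OWNER $name $owner"
        [ "$group" = "$want_group" ] || echo "GROUP $name $group"
    done
}

# special_modes DIR: "MODE PATH" for each entry at or under DIR that has a
# setuid, setgid or sticky bit. Save the output before a backup.
special_modes() {
    find "$1" -perm /7000 -exec stat -c '%a %n' {} + | sort -k2
}

# lost_special_bits MANIFEST: compare a saved special_modes listing with
# the current modes and print every entry that changed or disappeared.
lost_special_bits() {
    while read -r mode path; do
        now=$(stat -c '%a' "$path" 2>/dev/null) || now=missing
        [ "$now" = "$mode" ] || echo "CHANGED $path was=$mode now=$now"
    done < "$1"
}

# Usage (constructed paths):
#   audit_spool /var/spool/mail mail
#   special_modes /var/spool > modes.before    # before the backup
#   lost_special_bits modes.before             # after the restore
```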

 
 
 

Post by Chris Palm » Sat, 19 Nov 1994 01:17:12





>: b63519:~$ whoami
>: damien
>: b63519:~$ ls -l /var/spool/mail
>: total 62
>: -rw-rw----   1 cwf      mail         6196 Nov 15 14:15 cwf
>: -rw-rw----   1 damien   mail         4651 Nov 15 13:55 damien
>: -rw-rw----   1 jacob    mail            0 Oct 19 19:11 jacob
>: -rw-rw----   1 jer      mail        48704 Nov 16 08:59 jer
>: -rw-rw----   1 webmastr mail          566 Oct 22 16:35 webmastr
>: -rw-rw----   1 wes      mail            0 Nov 13 11:58 wes
>: b63519:~$ export MAIL=/var/spool/mail/cwf
>: b63519:~$ elm
>: Can't open folder '/var/spool/mail/cwf' for reading!

>I found out what the problem was. Tar did not keep the "s" in the dir
>permissions intact (I recently repartitioned.). Sorry about the false alarm.

>Roman

>PS: I still see no reason for the chmod 660 on the mail files however.

Off hand, not being an absolute guru, I would think the reason that the
mail directories are 660 with group mail is to allow the mail daemon
to access them without forcing it to be a su'ed program.

The more things running with su permission, the more potential security
holes there are on your system.

Cheers,

Chris.

 
 
 

Post by Claus-Dieter Bre » Sat, 19 Nov 1994 18:20:24






: >>And why does adduser not default to chmod 700 when making directories in
: >>home?

:       700 breaks finger, since the .plan file cannot be read.  Most Unix
: systems are fairly lenient on security, assuming that if you have really
: private data, you will do the chmod yourself.

Do not keep private data in your _home_ directory.
Create and use "drwx------" _sub_directories as required...

CDB

 
 
 

Post by Anthony J. Stuck » Sat, 19 Nov 1994 02:03:18





>>And why does adduser not default to chmod 700 when making directories in
>>home?
>755 is the default permission on home directories on most UN*X systems that
>I have seen.  If a user wants to make her home directory more secure, a
>simple chmod will fix it.

        700 breaks finger, since the .plan file cannot be read.  Most Unix
systems are fairly lenient on security, assuming that if you have really
private data, you will do the chmod yourself.
--

"And if you frisbee-throw a universe where does it go?" -- Steve Blunt.

KiboNumber == 1