On Fri, Mar 30, 2001 at 12:55:21PM -0500, Richard A Nelson wrote: > > ls -l /var/spool/mail > > drwxrwsr-x 2 root mail 4096 Mar 30 11:13 ./ > > afaict, the sticky bit doesn't buy anything with g=w,o!=w directory
yes it does, the sticky bit doesn't have any relation to world
writability, other then world writable directories are almost never
without the sticky bit.
[EMAIL PROTECTED] /tmp]$ ls -ld test/
drwxrwxr-t 2 root users 1024 Mar 30 14:54 test/
[EMAIL PROTECTED] /tmp]$ cd test/
[EMAIL PROTECTED] test]$ ls -l
total 0
-rw-r--r-- 1 root root 0 Mar 30 14:55 rootsfile
[EMAIL PROTECTED] test]$ rm -f rootsfile
rm: cannot unlink `rootsfile': Operation not permitted
[EMAIL PROTECTED] test]$ touch mefile
[EMAIL PROTECTED] test]$ ls -l
total 0
-rw-r----- 1 eb eb 0 Mar 30 14:55 mefile
-rw-r--r-- 1 root root 0 Mar 30 14:55 rootsfile
[EMAIL PROTECTED] test]$ rm -f mefile
[EMAIL PROTECTED] test]$
the reason /var/mail should be sticky is there are only a bazillion
setgid mail programs many of them i have no doubt were not written
securely (mailx sure wasn't). so assuming that users' can't
appropriate gid=mail is not a good idea.
for example, anyone install the pine-src and then create pine .debs?
notice its setgid mail? try something like this:
$ export HOME=`perl -e 'print "x" x 100000'`
## maybe 10000 but i doubt it matters
$ pine
and watch it segfault.
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgpuFAADv4eI0.pgp
Description: PGP signature
