Unix Security List
Steven M. Kramer
smk at linus.UUCP
Fri Jul 22 03:16:05 AEST 1983
OK -- there are many problems with UNIX. We have 4.1 and have had security
problems in the past. Let's start with mail. Rather than give the
penetration scenarios, this list the fixes to mailing:
in /usr/src/cmd/mail.c: put a setuid(getuid()) before the call to delivermail.
/usr/src/cmd/delivermail/deliver.c: put a if(access(filename,2)!=0)return(CANTCREATE);
before the fopen(filename,"a")
/usr/src/cmd/mail.c: make MAILMODE ~0600
/usr/src/cmd/ucbmail/lex.c: after the check for 'No mail for %s' do a stat
and see if the file is empty. If so, also print 'No mail for %s'
and return(-1);
/usr/lib/Mail.rc : make sure 'set keep' is in (to truncate rather than delete
null mail files from /usr/spool/mail. Note this is because in 4.1
close(creat) calls itrunc() in the OS and doesn't touch the directory,
which bring us to the next and final step:)
/usr/spool/mail: make mode 711
Now, mail is secure for your machine. Next step is uucp, but I haven't done
that fully yet.
--
--steve kramer
{allegra,genrad,ihnp4,utzoo,philabs,uw-beaver}!linus!smk (UUCP)
linus!smk at mitre-bedford (ARPA)
More information about the Comp.unix.wizards
mailing list