deceptive mail
L.M.McLoughlin
lmcl at ukc.UUCP
Sun Nov 11 11:26:59 AEST 1984
In article <331 at uvm-cs.UUCP> hartley at uvm-cs.UUCP (Stephen J. Hartley) writes:
>Somebody here noticed the following "feature" of mail (4.2 BSD). Under
>certain conditions, a user "xyzu" can do a "set user=abcd" and send mail
>to user "pqrs". To "pqrs" it appears that "abcd" sent the mail (xyzu <>
>abcd). This could cause misunderstandings or such if "xyzu" were malicious.
>Is this a feature or a bug? Thanks.
I thought it was a bug. When we switched to MMDF it agreed with me.
The From: line and who is posting the message must agree or mmdf tells
you to drop dead (to be honest it says something like invalid author spec).
So I change the rmail to ignore the USER enviroment variable and alway go by
uid.
More information about the Comp.unix.wizards
mailing list