>>>>> "James" == James W Abendschan <unkadath!shamus@naucse.cse.nau.edu> writes:

James> Three Solaris-related things I'd like to ask the list-- and
James> if you know, and are willing to share this info (key point
James> here), please speak up.

James> 1) /var/mail is world writable, but has a sticky bit to
James> prevent people from removing other people's mailboxes.
James> Still, I can create mailboxes for users who don't have them
James> (like smtp) .. will this pose a problem in the future?

That is very odd. I'm running real SVR4, and /var/mail is owner root,
group mail, mode 775. The mail programs all run setgid mail so they
can create the mailboxes. This way no-one can create bogus mailboxes
directly.

James> I know that if sendmail had some sort of support for v7
James> forwarding capabilities (i.e., /var/mail/smtp contains "Forward
James> to |/tmp/foosh", then mail to smtp runs /tmp/foosh as uid
James> smtp, which just happens to be 0 on our systems) this would
James> be an easy exploit.. but apparently sendmail 8.6.9 doesn't
James> hold to those kind of conventions (thank gods)

Sendmail doesn't deliver mail, it invokes the program listed on the
Mlocal line in the sendmail.cf file (after setuiding itself to the
receiving user). You'll have to check out the capabilities of that
program to be sure (although sendmail 8 comes with a binmail delivery
program which doesn't do any forwarding).

Of course, you can put "|/tmp/foosh" into the $HOME/.forward file of
any user, so check the perms on the home directories of all of your
sys userids.

--
Tony Lill, Tony.Lill@AJLC.Waterloo.ON.CA
President, A. J. Lill Consultants                    (519) 241 2461
539 Grand Valley Dr., Cambridge, Ont.       fax/data (519) 650 3571
"Welcome to All Things UNIX, where if it's not UNIX, it's CRAP!"
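The two checks Tony recommends (is the mail spool world-writable, and do any home directories or .forward files let someone route mail into a program) can be scripted. The following audit script is an added example and is not code from either poster; it assumes the spool directory and the parent of the home directories are passed as arguments, and it reads permissions by parsing the symbolic mode column of `ls -ld` so it works on both SVR4-style and BSD-style systems without relying on `stat` flags.

```sh
#!/bin/sh
# Audit mail-spool and home-directory permissions along the lines of the
# thread above. Added example, not part of the original message.
#
# Usage: sh mail_audit.sh /var/mail /home

# Symbolic mode of a path, e.g. "drwxrwsr-t" (first 10 chars of ls -ld).
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Succeed (return 0) when the "other" triple grants write access.
# The 9th character of the mode string is the o+w bit.
others_can_write() {
    case "$(mode_of "$1")" in
        ????????w?) return 0 ;;
        *)          return 1 ;;
    esac
}

# A world-writable spool lets any user create a mailbox for a user who
# lacks one, sticky bit or not; the sticky bit only stops deletion.
# Returns 0 when the spool is not world-writable, 1 when it is.
check_mail_spool() {
    spool=$1
    m=$(mode_of "$spool")
    if others_can_write "$spool"; then
        echo "WARN: $spool is world-writable ($m): any user can create mailboxes"
        return 1
    fi
    echo "ok: $spool mode $m"
    return 0
}

# Walk the home directories under $1 and report:
#   - a home directory writable by others (anyone could plant a .forward)
#   - a .forward that pipes mail into a program ("|/path" or "\"|/path\"")
# The return status is the number of findings, 0 meaning nothing found.
audit_homes() {
    base=$1
    findings=0
    for home in "$base"/*; do
        [ -d "$home" ] || continue
        if others_can_write "$home"; then
            echo "WARN: $home is world-writable ($(mode_of "$home"))"
            findings=$((findings + 1))
        fi
        fwd="$home/.forward"
        if [ -f "$fwd" ] && grep -q '^[[:space:]]*"\{0,1\}|' "$fwd"; then
            echo "WARN: $fwd pipes mail to a program: $(grep '|' "$fwd" | head -n 1)"
            findings=$((findings + 1))
        fi
    done
    return $findings
}

# Only run the audit when both directories are given on the command line.
if [ "$#" -eq 2 ]; then
    check_mail_spool "$1"
    audit_homes "$2"
fi
```

Run it as root so `ls -ld` can see every home directory; a non-zero exit status from `audit_homes` is the count of things worth looking at. The .forward test only catches the pipe form; a .forward that names an executable via `:include:` or a mailing-list alias file would need a separate check.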