[ale] Pine and the mail spool

Hat hackrat at psiu.ml.org
Fri Oct 2 19:55:19 EDT 1998


On Fri, 2 Oct 1998, ari wrote:

> make pine setgid-mail
> 
> chgrp mail pine (or chown root.mail pine)
> chmod 2755 pine (or 2711, doesn't matter)

That allows you to use pine to look at anyone's 
e-mail! You put a symlink to anyone's inbox in your
~/mail directory, and list folders.

That doesn't make the message go away and it allows people
to use pine to do things they shouldn't be able to do.

Nor does is explain why the permissions below leave something
vunerable.......

> > I used to have it the permissions/ownerships
> > 
> > drwxrwxr-x   2 root     mail
> > 
> > What is wrong with this and what makes this vunerable???

This is what I'm really wondering about! 

-Hat






More information about the Ale mailing list