john,
i'm not a guru in this area, so i've forwarded your suggestion to
the mh-workers list.
--bw
------- Forwarded Message
Date: Thu, 14 Jan 1993 16:47:22 -0800
From: John Schmitz <schmitz(_at_)scd(_dot_)hp(_dot_)com>
To: wohler(_at_)sap-ag(_dot_)de
Subject: Re: slocal, sendmail and hp

In article <9301142206(_dot_)AA09031(_at_)sap-ag(_dot_)de> you write:
> 1. install slocal on hpux (or probably any other operating system
> where you have to be group mail to write /usr/spool/mail or
> /usr/mail). john tells me that because of security precautions,
> slocal is not installed setgid.

If the problem is that the setgid bit would allow users to write to
files that are owned by the group id of the setgid (typically
"mail"), how about something like this in usr_file() which only uses
the setgid when writing to the user's mail spool? Or is there
another hole?

    #ifdef SYS5
        if (strcmp(mailbox, mbox) == 0) {
            /* target is the user's mail spool: use the setgid group */
            local_gid = getegid();
            file_mode = 0660;
        }
        else {
            /* any other file: the user's own group and m_gmprot() mode */
            local_gid = pw -> pw_gid;
            file_mode = m_gmprot();
        }
        if ((md = mbx_open (mailbox, pw -> pw_uid, local_gid, file_mode))
                == NOTOK) {
            adorn ("", "unable to open:");
            return NOTOK;
        }
    #else
        if ((md = mbx_open (mailbox, pw -> pw_uid, pw -> pw_gid, m_gmprot()))
                == NOTOK) {
            adorn ("", "unable to open:");
            return NOTOK;
        }
    #endif

------- End of Forwarded Message
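
An added example, not part of the forwarded message or of MH: the snippet above chooses the gid passed to mbx_open(), while this sketch limits the process's own effective gid, dropping the setgid group at startup and taking it back only around the open of the spool mailbox. The function names are hypothetical, and it assumes POSIX setegid() with a saved set-group-ID, which may not match the systems discussed in the thread.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static gid_t priv_gid;  /* group gained from the setgid bit, e.g. "mail" */

/* Call before anything else: remember the setgid group, then switch the
 * effective gid to the invoking user's real gid (the saved set-group-ID
 * keeps the way back open). */
int priv_init(void)
{
    priv_gid = getegid();
    return setegid(getgid());
}

int priv_is_dropped(void) { return getegid() == getgid(); }

/* Open a delivery target for append. Only the spool mailbox is opened
 * with the privileged group; every other file gets the user's own gid. */
int open_delivery_file(const char *path, const char *spool, mode_t user_mode)
{
    int is_spool = strcmp(path, spool) == 0;
    int fd;

    if (is_spool && setegid(priv_gid) == -1)
        return -1;
    fd = open(path, O_WRONLY | O_APPEND | O_CREAT, is_spool ? 0660 : user_mode);
    if (is_spool && setegid(getgid()) == -1) {  /* never stay privileged */
        if (fd != -1)
            close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    char dir[] = "/tmp/slocal-demoXXXXXX";  /* constructed scratch directory */
    if (priv_init() == -1 || mkdtemp(dir) == NULL || chdir(dir) == -1)
        return 1;
    int fd = open_delivery_file("spool", "spool", 0600);
    printf("fd=%d dropped=%d\n", fd, priv_is_dropped());
    return fd == -1;
}
```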