[Top] [All Lists]

Re: [nmh-workers] I Could Have Sworn that the inc Command used to work.

2019-06-08 08:18:18
Hi Ken,

I notice that a setuid inc(1) has various troubles due to the use of
real user ID rather than effective.

Like ... what?

It's simple to copy inc and make it setuid to another user and then run

    $ ./inc
    Welcome to nmh version 1.7+dev

    See the release notes in /usr/share/doc/nmh/NEWS

    Send bug reports, questions, suggestions, and patches to
    nmh-workers@nongnu.org.  That mailing list is relatively quiet, so user
    questions are encouraged.  Users are also encouraged to subscribe, and
    view the archives, at https://lists.gnu.org/mailman/listinfo/nmh-workers

    This message will not be repeated until nmh is next updated.

    Press enter to continue: 

    inc: error on folder /home/ralph/mail/inbox: Permission denied

So it's trying to access my inbox rather than the other user's.  Also,
both the other user and I have already acknowledged the 1.7+dev welcome
message, yet it is shown again.  I expect other problems would come to
light if I persisted.

I would have though using the real UID would have been the correct

I have permission to access the effective user's files, and not the real
user's, then shouldn't those be the ones I'm attempting to access?

Also, I didn't even think we supported that

This is Unix and setuid and setgid is normal.  Unless we explicitly rule
it out in some cases, it's ruled in.  :-)

Cheers, Ralph.


<Prev in Thread] Current Thread [Next in Thread>