Re: BoS: Re: Solaris mailx hole

[travis () EvTech com (Travis Hassloch x231)]

In message <Pine.SUN.3.91.960702005934.18788A-100000 () bigdog fred net> you write
:
>         echo "localhost $USER" | /bin/mail $TARGET

This line should be preceeded somewhere in the script by a line
which sets $USER:

USER=`whoami`

>         2. We have considered several potential workarounds for this
>            vulnerability.  The ideal fix would be to remove global write
>            access to the mail spool directory.  However, this is not
>            possible as programs such as /bin/mail, /usr/ucb/Mail and
>            elm require everyone to have write access.  Also it is not

                        or to be sgid-mail.

>            possible to, for example, change the group ownership of
>            /var/spool/mail to mail and give /bin/mail and /usr/ucb/Mail
>            setgid mail privilege, as they do not reset their group id
>            before forking a shell.

             Unless you have sources and can fix them.

>            i. Ensure that every user maintains a mailbox file.  The
>               following program will create a mailbox for every user
>               on the system, if one does not currently exist.

  Would it also suffice to have an alias for each such user?