Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 75418 - useradd creates group readable/writable mailspool file
useradd creates group readable/writable mailspool file
Status: CLOSED DUPLICATE of bug 59810
Product: Red Hat Linux
Classification: Retired
Component: shadow-utils (Show other bugs)
7.3
i386 Linux
high Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
David Lawrence
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-10-08 06:11 EDT by Jarno Huuskonen
Modified: 2007-03-26 23:57 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-02-21 13:49:47 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Patch from Owl for securely creating the mailspool file (1.17 KB, patch)
2002-10-08 06:13 EDT, Jarno Huuskonen 		no flags Details | Diff
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Jarno Huuskonen 2002-10-08 06:11:17 EDT 
Description of Problem:
useradd creates /var/spool/mail/username mailspool file with mode 0660, so
if the users primary group is a shared group eg. users then all other group
members can read/write the poor users mails.

Version-Release number of selected component (if applicable):
shadow-utils-20000902-7

How Reproducible:
always

Steps to Reproduce:
1. useradd -g users somebody

Actual Results:
/var/spool/mail/somebody is owned by somebody:users and is mode 0660

Expected Results:
/var/spool/mail/somebody should not be readable/writable by users group !

Additional Information:
This bug is a duplicate of 59810. This one just applies to RH 7.3. I also
checked the latest rawhide shadow-utils and it still has the same buggy
shadow-20000902-mailspool.patch patch.

Owl has a patch for "correctly" creating the mailspool. That patch applies to
shadow-utils-20000902-7 with minimal changes. I'll attach the patch.
Comment 1 Jarno Huuskonen 2002-10-08 06:13:49 EDT 
Created attachment 79325 [details]
Patch from Owl for securely creating the mailspool file
Comment 2 Alan Cox 2002-12-18 13:03:50 EST 

*** This bug has been marked as a duplicate of 59810 ***
Comment 3 Red Hat Bugzilla 2006-02-21 13:49:47 EST 
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.