From owner-freebsd-hackers  Tue Apr 23 06:59:19 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id GAA03940
          for hackers-outgoing; Tue, 23 Apr 1996 06:59:19 -0700 (PDT)
Received: from crh.cl.msu.edu (crh.cl.msu.edu [35.8.1.24])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id GAA03935
          for <freebsd-hackers@freebsd.org>; Tue, 23 Apr 1996 06:59:17 -0700 (PDT)
Received: (from henrich@localhost) by crh.cl.msu.edu (8.6.12/8.6.12) id JAA05012; Tue, 23 Apr 1996 09:58:33 -0400
From: Charles Henrich <henrich@crh.cl.msu.edu>
Message-Id: <199604231358.JAA05012@crh.cl.msu.edu>
Subject: Re: .forward and sendmail?
To: joerg_wunsch@uriah.heep.sax.de
Date: Tue, 23 Apr 1996 09:58:33 -0400 (EDT)
Cc: freebsd-hackers@freebsd.org, davidg@Root.COM
In-Reply-To: <199604230332.FAA21276@uriah.heep.sax.de> from "J Wunsch" at Apr 23, 96 05:32:42 am
X-Mailer: ELM [version 2.4 PL24 ME8a]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> Yes, but think about it.  It reads the .forward with the identity of
> `daemon', not `root'.  Otherwise, any user could link his ~/.forward
> to a file read-only for root, and try to figure out the contents of
> this file by sending mail to himself, and analyzing the bounces.  Not
> that this will compromise the entire file, but that's why i wrote: ``I
> would call it a security feature.''

Yes but think about it, .forwards WILL NOT WORK USUALLY EVER if sendmail doesnt
read .forward's as root!  Most home directories are 700!  This is a *bug* not a
feature.

-Crh

       Charles Henrich     Michigan State University     henrich@msu.edu

                         http://pilot.msu.edu/~henrich