I'll second this with the note that inc only needs to be setuid for
RPOP, a non-standard POP authentication method which uses
rlogin/rsh-like authentication via ruserok(). We all know how secure
_that_ is, so losing that functionality might be considered a feature.
Of course, you should check to make sure your popserver doesn't support
RPOP to catch that hole.
>Instead, use popclient to retrieve mail and procmail/rcvstore to deliver
>the messages into the MH mailboxes. This still allows users to use inc
>to suck in mbox format mailboxes.
You can still do POP with either username/password or APOP authentication
with a non-setuid inc -- you just have to type your password each time.
>The popclient package is also installed by default with RedHat (at least it
>was with 4.2, I haven't installed 5.0 yet).
>
>> MH also installs another suid-program: msgchk. It's also posible to get a
>> Segmentation fault whith the same option, but I haven't been able to exploit
>> it. I have worked on it quite a few. Could someone probe it a little deeper??
Once again, RPOP is reason behind the setuid bit being on. Torch it.
Redhat should be compiling MH without RPOP and overriding the
installation commands that turn on the setuid bits on inc and msgchk.
Philip Guenther
----------------------------------------------------------------
Philip Guenther UNIX Systems and Network Administrator
Internet: guenther@gac.edu Voicenet: (507) 933-7596
Gustavus Adolphus College St. Peter, MN 56082-1498