From: CSBVAX::MRGATE!rms@wheaties.ai.mit.edu@SMTP 14-JUN-1988 04:57 To: ARISIA::EVERHART Subj: security bug? Received: from sugar-bombs.ai.mit.edu by prep.ai.mit.edu; Tue, 14 Jun 88 02:38:26 EST Received: by sugar-bombs.ai.mit.edu; Tue, 14 Jun 88 03:46:58 EDT Date: Tue, 14 Jun 88 03:46:58 EDT From: rms@wheaties.ai.mit.edu (Richard Stallman) Message-Id: <8806140746.AA00390@sugar-bombs.ai.mit.edu> To: geoff@usafa.arpa To: info-gnu-emacs@prep.ai.mit.edu In-Reply-To: Capt Geoff Mulligan's message of Mon, 13 Jun 88 11:16:06 MDT <8806131716.AA20941@usafa.ARPA> Subject: security bug? The article you quote repeats an inaccurate statement in the original CACM article about the cracker. The Emacs distribution includes a program called `movemail' which moves an inbox file out of /usr/spool/mail, with proper interlocking. As we distribute Emacs, this is an ordinary user program not expected to have any special privileges. Our installation script does not give it any. The site at LBL probably changed the protection of /usr/spool/mail (I don't understand why people do this, but `movemail' is designed for the usual protection setting), and when this caused the interlocking in `movemail' to malfunction, they tried the cheap fix of making `movemail' set-uid to root. People who want security (I am not one of them) ought to know that they can't safely turn on the set-uid bit on a program that wasn't specifically designed for such use. The article said that this was a bug in GNU Emacs "as distributed". Actually the bug was actually introduced by local changes and is not present in GNU Emacs as distributed. Unfortunately, the original careless statement blaming us is now being propagated by ignorant journalists everywhere. Bob Brewin seems to be a real prize. Just seeing me called a "private entrepreneur" ought to make it clear that the rest of the article is likely to be wrong as well. If someone wants to write (and test) changes to `movemail' so that it can run with set-uid, I would not mind installing them. I do not know about writing such things myself. If you do it real fast, it could go in Emacs version 18.52. Otherwise, there will be no new release till version 19. (A few weeks ago I invited Cliff Stoll to do this, but I have not received anything.) Meanwhile, if anyone else among you encounters what appears to be a bug in GNU Emacs, I hope you will do something useful--such as send a bug report to bug-gnu-emacs. How would you like it if the first you heard about a purported bug in your program was when your friends showed you a magazine article about it?