[Info-vax] purging another user's mail from a semi-priviledged account
David Froble
davef at tsoft-inc.com
Fri Apr 5 13:25:07 EDT 2013
Phillip Helbig---undress to reply wrote:
> From a process with these privs:
>
> Authorized privileges:
> NETMBX OPER READALL SETPRV TMPMBX
>
> Process privileges:
> NETMBX may create network device
> OPER may perform operator functions
> READALL may read anything as the owner
> TMPMBX may create temporary mailbox
>
> MAIL> PURGE will purge the current mail file even if it belongs to
> another user. Presumably, MAIL makes use of SETPRV to do this.
>
> Is this expected or surprising?
>
Without researching it, and not considering the UIC of the account, I'd
select answer B, OPER.
SETPRV gives you the capability to set any priv flag/mask/bit, but just
having the priv will not give you any of the other privs. You must
explicitly set privs. It is possible that some applications will
attempt to use SETPRV, and if it is available, then the application
could set additional privs.
Possibly the application being run is installed with privs ??
You really haven't given nearly enough information.
More information about the Info-vax
mailing list