mail

Smoot Carl-Mitchell smoot at tic.com
Wed Jun 18 18:43:11 UTC 2008 

On Wed, 2008-06-18 at 13:06 -0300, Derek Broughton wrote:
> Smoot Carl-Mitchell wrote:
> 
> >> Well, it's a pain for actually _reading_ mail, but it's pretty much
> >> necessary if you want things like cron to deliver mail for you
> > 
> > I do not think it is needed.  cron seems to call /usr/sbin/sendmail
> > which is either postfix or sendmail, depending on the installed MTA.
> > The mailx package is unnecessary to send mail from cron, although for
> > explicitly sending mail, it is easier to use than the raw sendmail
> > interface.
> 
> Yeah, you're right.
> 
> How about "things like cron, that aren't actually cron"? :-)  If you want to
> send mail from scripts, it's easier than learning how to use sendmail
> directly, but you're right that it isn't really necessary.

I have seen cron entries which do things like:

do_something | mailx -s "I did something" whoever at soem.domain

which makes using the mailx command convenient, since it has hooks to
add the Subject: header.  In most cases this is not an issue, since cron
mails stuff to the owner of the cron entry.

mailx is a System V extension to the original Berkeley "Mail" program
(yes, it was uppercase, so as not to conflict
with /bin/mail).  /bin/mail was the original Unix mail program which
goes back to version 5 or version 6 of Bell Labs Unix from the 1970s.
It was also probably used as the vector for the first cracking of root
privileges on early Unix systems.

The program ran setuid to root, so it could write into the mbox file in
a user's home directory. However, it did not check check the hardlink
count of the target file.  So you could do something like:

ln /etc/passwd mbox

then mail yourself a password file with a new root user entry with a
known password. In the early days the user home directories lived
in /usr and were usually on the same filesystem as /etc. Please do not
try this today.  It will not work, since modern mail delivery systems
check the link count of the target and whether the target is a symlink. 
-- 
Smoot Carl-Mitchell
System/Network Architect
smoot at tic.com
+1 480 922 7313
cell: +1 602 421 9005

More information about the ubuntu-users mailing list