Permissions for ~/.forward Files
The ~/.forward file can pose a
security risk to individual users. There is a higher
degree of risk if the user is
root or one of the
semiprivileged users (such as
bin). Because the
~/.forward file is like an
individual mailing list (
:include:) for the user, risk can be
encountered if that file is writable by anyone but
the user. Consider the following, for
drwxr-xr-x 50 george guest 3072 Sep 27 09:19 /home/george/ -rw-rw-r— 1 george guest 62 Sep 17 09:49 /home/george/.forward
Here, the user george’s
~/.forward file is writable
by the group
guest. Anyone in group
guest can edit
~/.forward file, possibly
placing something such as this into it:
\george |"cp /bin/sh /home/george/.x; chmod u+s /home/george/.x"
Now all the attacker has to do is send george mail to create a set-user-id george shell. Then, by executing /home/george/.x, the attacker becomes george.
The semiprivileged users such as bin, and root in particular, should never have ~/.forward files. Instead, they should forward their mail by means of the aliases file directly.
User ~/.forward files must be writable only by the owning user. Similarly, user home directories must live in a directory that is owned and writable only by root, and must themselves be owned and writable only by the user.
Some users, such as the pseudouser uucp, have home directories that must be world-writable for software to work properly. If that software is not needed (if a machine, for example, doesn’t ...