From: CRDGW2::CRDGW2::MRGATE::"SMTP::CRVAX.SRI.COM::RELAY-INFO-VAX" 24-MAY-1991 19:14:54.65
To: ARISIA::EVERHART
CC:
Subj: BEWARE of using MAIL's EXTRACT for foreign files

From: RELAY-INFO-VAX@CRVAX.SRI.COM@SMTP@CRDGW2
To: Everhart@Arisia@MRGATE
Received: by crdgw1.ge.com (5.57/GE 1.97) id AA00320; Fri, 24 May 91 18:59:25 EDT
Received: From UCBVAX.BERKELEY.EDU by CRVAX.SRI.COM with TCP; Fri, 24 MAY 91 10:15:59 PDT
Received: by ucbvax.Berkeley.EDU (5.63/1.42) id AA24134; Fri, 24 May 91 09:57:23 -0700
Received: from USENET by ucbvax.Berkeley.EDU with netnews for info-vax@kl.sri.com (info-vax@kl.sri.com) (contact usenet@ucbvax.Berkeley.EDU if you have questions)
Date: 24 May 91 16:29:55 GMT
From: agate!spool.mu.edu!mips!zaphod.mps.ohio-state.edu!uakari.primate.wisc.edu!zazen!psl.wisc.edu!georg.waisman.wisc.edu!swiggum@ucbvax.Berkeley.EDU
Organization: UW - Waisman Center
Subject: BEWARE of using MAIL's EXTRACT for foreign files
Message-Id: <24MAY91.11295592@georg.waisman.wisc.edu>
Sender: info-vax-request@kl.sri.com
To: info-vax@kl.sri.com

This is a new discovery for me; perhaps it is already known to many. The potential security risk is high for anybody, especially system managers, etc.

If you use the VMS MAIL utility and use the EXTRACT command for files sent to you as "foreign", make sure to set some protection on these files when you get out of MAIL.

Background: VMS MAIL allows you to send non-text files (e.g. executable images, savesets, etc.) with the SEND/FOREIGN command. The recipient of this message cannot read the foreign message within VMS MAIL, but must extract it to a file before using it.

Problem: VMS MAIL's EXTRACT command, when operating on a foreign message, creates a file with S:RWED,O:RWED,G:RWED,W:RWED protection. It does not matter how you have your own default RMS protection set. (This is used whenever you create any new files, including when you EXTRACT a normal text message to an RMS file.)

Implications: You may receive executable images or savesets via mail from someone you trust, and have no qualms about running them or installing them as-is. But, unless you quickly protect such a file after extracting it from the foreign-mail-message, you have no guarantees that what you are running/installing is the same stuff that was sent to you. Those of you out there with system privs can do lots of damage if someone nasty finds one of your loose files before you use it.

Respectfully Submitted,

Douglas Swiggum
Systems Programmer, University of Wisconsin--Madison
Swiggum@Waisman.Wisc.Edu
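
The check the post recommends, written out as a DCL command procedure. This is an added example, not part of the original message: the procedure name CHECK_EXTRACTED.COM is hypothetical, and it assumes F$FILE_ATTRIBUTES returns the protection in the form "SYSTEM=RWED, OWNER=RWED, GROUP=RWED, WORLD=RWED". Run it on the extracted file immediately after leaving MAIL.

```dcl
$! CHECK_EXTRACTED.COM  (hypothetical name; added example, not from the post)
$! Usage: @CHECK_EXTRACTED filespec
$! Reports files that give GROUP or WORLD write/delete access and
$! removes all GROUP and WORLD access from them.
$!
$ IF P1 .EQS. "" THEN EXIT
$ last = ""
$ flagged = 0
$NEXT:
$ file = F$SEARCH(P1, 1)
$! A spec without wildcards can return the same file again, so stop on a repeat.
$ IF file .EQS. "" .OR. file .EQS. last THEN GOTO DONE
$ last = file
$! Assumed format: SYSTEM=RWED, OWNER=RWED, GROUP=RWED, WORLD=RWED
$ pro = F$FILE_ATTRIBUTES(file, "PRO")
$ n = 2                                 ! element 2 = GROUP, element 3 = WORLD
$CATEGORY:
$ acc = F$ELEMENT(1, "=", F$ELEMENT(n, ",", pro))
$ IF acc .EQS. "=" THEN acc = ""        ! no "=" found: category has no access
$ IF F$LOCATE("W", acc) .LT. F$LENGTH(acc) THEN GOTO LOOSE
$ IF F$LOCATE("D", acc) .LT. F$LENGTH(acc) THEN GOTO LOOSE
$ n = n + 1
$ IF n .LE. 3 THEN GOTO CATEGORY
$ GOTO NEXT
$LOOSE:
$ flagged = flagged + 1
$ WRITE SYS$OUTPUT "Loose protection: ", file, "  (", pro, ")"
$ SET PROTECTION=(G,W) 'file'           ! deny GROUP and WORLD all access
$ GOTO NEXT
$DONE:
$ WRITE SYS$OUTPUT F$STRING(flagged), " file(s) had GROUP/WORLD write or delete access"
$ EXIT
```

Tightening the protection only closes the window from that point on; it says nothing about whether the file was changed between EXTRACT and the check.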