On 26 Feb 2017 14:19 -0500, from jim at deitygraveyard.com (Jim Carpenter):
>     No problem to sent a file from your area to mine. But you'd better not
> be able to move a file into the protected systems area: only the system
> manager is allowed there. Stallman's software had better make sure this can't
> happen.
> 
>     Gnu didn't check. It let anyone move a file into protected systems
> space. The hacker knew this; we didn't.

That agrees well with my translated version.

So in a sense, everything that the Emacs movemail (thanks Tim) bug
allowed you to do was _really_ enabled by the fact that there existed
a user SOMEONE, for which ~SOMEONE was a directory, _used at least in
part for privileged purposes by the operating system_, to which
ordinary users were expected to not have any write access?

Consequently, if system (as opposed to regular user) accounts had had
a home directory set to something else, some place where it didn't
really matter if an unprivileged user was able to drop files, then
that bug would have been a nuisance (giving random users the ability
to take up disk space unaccounted for, requiring clean-up) but not
really the problem it became?

Looking at my modern Debian system, I see users in /etc/passwd with
home directories like /bin, /usr/sbin, /var/spool/postfix, /proc,
/var/run/sshd, within but not actually /etc, ... So in effect, we are
still to a large degree relying on people not making the same kind of
mistake that was made in movemail when writing code that runs suid
root. I know that anything running as suid root is potentially very
dangerous, but that seems like a trivial mitigative strategy. (When
was the last time anyone logged in as "daemon" on a modern Linux
system, let alone needed their home directory then to be /usr/sbin?)

-- 
Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)