Tommy Braun writes:

Hi,
On Fri, 06 Jan 2006 18:18:03 -0500, you wrote:

Also, if you are using any kind of a "catchall" setup of any kind, forget the whole thing unless you have knowledge and experience in system security; because unless you understand VERY well how maildrop and shell expansion works, you're going to be running an exploitable script with gaping security holes.

Could you please explain that, I did not get the point... (trying to get into maildrop right now...)

Here's an example, for illustration purposes only. I might get some minor technical point wrong, and this exploit may not work as given, but this just gives you the general idea.

Let's skip the technical details of setting up a catch-all mailbox. Suppose you have a catchall mail account set up, so that mail for [EMAIL PROTECTED] goes to your mail account, you're invoking maildrop from your .courier-default file, read EXT to determine what 'something' is, and try something like this:

import EXT
cc "| echo "Subject: Received message addressed to $EXT" | sendmail [EMAIL PROTECTED]"
to "Maildir"

So, when you receive a message addressed to <[EMAIL PROTECTED]>, it gets saved into your mailbox, and you get an SMS message on your phone with the subject "Received message addressed to info".

Now, let's see if you can figure out what will happen when some joker sends a test message addressed to <`rm -rf [EMAIL PROTECTED]>.


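The flaw described in the message above, modelled in plain POSIX sh as an added example (not code from the post or from maildrop): the first function pastes the extension into command text that a shell then parses, the second validates it against an allowlist and passes it only as data. The function names, the sample values and the allowed character set are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; every name and sample value below is constructed.
LC_ALL=C   # keep the bracket ranges below to plain ASCII

# Vulnerable pattern: the untrusted extension is pasted into command TEXT,
# and a shell then parses that text, so backticks or $(...) inside it run.
unsafe_subject() {
    sh -c "echo \"Subject: Received message addressed to $1\""
}

# Allowlist: accept only characters expected in an address extension
# (assumed set: letters, digits, dot, underscore, hyphen); reject empty.
is_safe_ext() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Hardened pattern: validate first, then hand the value to printf as an
# argument (data); it never becomes part of text that a shell parses.
safe_subject() {
    if is_safe_ext "$1"; then
        printf 'Subject: Received message addressed to %s\n' "$1"
    else
        printf 'Subject: Received message with rejected address extension\n'
    fi
}

# Constructed sample extensions: one ordinary, one carrying a harmless
# command substitution that stands in for the hostile address in the post.
for ext in 'info' '`echo INJECTED`'; do
    printf 'EXT=%s\n' "$ext"
    printf '  unsafe: %s\n' "$(unsafe_subject "$ext")"
    printf '  safe:   %s\n' "$(safe_subject "$ext")"
done
```

In the unsafe output the backticks are gone and the inner command's output appears in the subject, which is the sign that the address was executed rather than quoted.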