Chuck Williams writes:
The dot-courier man page does not specify who the user is when external commands are executed.
Who do you expect it to be? If you set up a .courier file in your home directory, containing arbitrary commands to be executed upon mail delivery, would you expect the arbitrary commands to be executed:
1) By root 2) By your own userid and groupid 3) By some other userid and groupidObviously, the answer is #2. Otherwise you can write arbitrary commands and have them executed under another uid (root!) by the virtue of sending yourself a test message. Wouldn't that be lots of fun?
pgpqit12sBdrZ.pgp
Description: PGP signature
------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
