--On Wednesday, December 1, 2004 10:47 AM +0100 Steffen Kaiser <[EMAIL PROTECTED]> wrote:
account to use smrsh as its shell, then the user can only run the programs you specify -- and that includes programs called through procmail.
but not to the spawned ones (e.g. procmail). At least not in my installation.
Procmail su's to the user (the recipient) before executing anything in .procmailrc, so the usual filesystem protections apply. Sendmail needs the special treatment because it runs as root.
The idea presumably is that the user has to run a shell to create the .procmailrc to begin with, so the user can already execute programs and nothing extra is being given away. But this can lead to funny things. For example you might have separate shell login hosts and mail servers, but if the mail server reads .procmailrc over NFS, users can therefore execute programs on the mail server just by receiving mail. This should be recognized, but probably as in our case it does not get them anything they can't do anyway.
Joseph Brennan Academic Technologies Group, Academic Information Systems (AcIS) Columbia University in the City of New York
_______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
