Re: disabling shell-escape
I understand. There is definitely always that possibility that users will get a shell. However, can SELinux help in this case? Perhaps I can confine the users with basic access, one that does not allow a user to run any executable from their home or /tmp. We have a Debian deployment but can migrate our users to CentOS without a problem. I realized running a chroot does not help much since the system only runs postfix and mutt. If I jail mutt, then I have to jail postfix, and if I do that, I defeat the purpose of the jail entirely.

On 05/10/2014 05:01 PM, Derek Martin wrote:
> On Fri, May 09, 2014 at 03:14:03PM -0700, Shawn Zaidermann wrote:
> > Is there a way to completely disable the shell-escape feature?
>
> In short, no. If you're trying to prevent mutt users from gaining any access to the shell, you also have to concern yourself with things like:
>
>     my_var=`run arbitrary shell command here`
>
> in the user's .muttrc. The bottom line is Mutt was not designed for restricted access... but then neither was any other e-mail client AFAIK.
>
> But also, as the author of rssh, I can tell you that this turns out to be an extremely hard problem (though exactly how hard is somewhat OS dependent), and is probably not worth your time. The best you can hope for is to restrict unsophisticated users; if you have savvy users on your system and they REALLY want to get shell access, they probably will. You have to trust your users, and if you can't you've basically already lost the battle. If you do, then there's no point in confining them to your idea of what's safe.
Re: disabling shell-escape
Hi,

On Sun, May 11, 2014 at 12:20:27PM -0700, Shawn Zaidermann wrote:
> I understand. There is definitely always that possibility that users will get a shell. However, can SELinux help in this case? Perhaps I can confine the users with basic access, one that does not allow a user to run any executable from their home or /tmp. We have a Debian deployment but can migrate our users to CentOS without a problem. I realized running a chroot does not help much since the system only runs postfix and mutt. If I jail mutt, then I have to jail postfix, and if I do that, I defeat the purpose of the jail entirely.

If you want to place such narrow restrictions on your users, why give them a shell account at all (assuming that's how they will run mutt)?

--
Suvayu

Open source is the future. It sets us free.
Re: Correct syntax of send hook
Derek:

On Sat, May 10 06:49 PM, Derek Martin wrote:
> Mostly I reply here due to a curiosity: Why is 'messed' in single quotes here? I see people do this increasingly often, and I don't get why.

Are you implying that the single quotes should have been escaped then? ;)

--
GG
Re: Correct syntax of send hook
* Guy Gold g...@merl.com [05-11-14 07:38]:
> On Sat, May 10 06:49 PM, Derek Martin wrote:
> > Mostly I reply here due to a curiosity: Why is 'messed' in single quotes here? I see people do this increasingly often, and I don't get why.
>
> Are you implying that the single quotes should have been escaped then? ;)

IIUC, the comment pertains to the comment rather than the syntax of send hook, i.e. correct usage of the English written word.

--
(paka)Patrick Shanahan   Plainfield, Indiana, USA   @ptilopteri
http://en.opensuse.org   openSUSE Community Member   facebook/ptilopteri
http://wahoo.no-ip.org   Photo Album: http://wahoo.no-ip.org/gallery2
Registered Linux User #207535 @ http://linuxcounter.net
Re: disabling shell-escape
You don't need to jail postfix for your situation. Build Mutt with smtp support, and set smtp_server to localhost. Your SMTP processes will run in the global context, and mutt will only need a socket to that.

* On 11 May 2014, Shawn Zaidermann wrote:
> I understand. There is definitely always that possibility that users will get a shell. However, can SELinux help in this case? Perhaps I can confine the users with basic access, one that does not allow a user to run any executable from their home or /tmp. We have a Debian deployment but can migrate our users to CentOS without a problem. I realized running a chroot does not help much since the system only runs postfix and mutt. If I jail mutt, then I have to jail postfix, and if I do that, I defeat the purpose of the jail entirely.
>
> On 05/10/2014 05:01 PM, Derek Martin wrote:
> > On Fri, May 09, 2014 at 03:14:03PM -0700, Shawn Zaidermann wrote:
> > > Is there a way to completely disable the shell-escape feature?
> >
> > In short, no. If you're trying to prevent mutt users from gaining any access to the shell, you also have to concern yourself with things like:
> >
> >     my_var=`run arbitrary shell command here`
> >
> > in the user's .muttrc. The bottom line is Mutt was not designed for restricted access... but then neither was any other e-mail client AFAIK.
> >
> > But also, as the author of rssh, I can tell you that this turns out to be an extremely hard problem (though exactly how hard is somewhat OS dependent), and is probably not worth your time. The best you can hope for is to restrict unsophisticated users; if you have savvy users on your system and they REALLY want to get shell access, they probably will. You have to trust your users, and if you can't you've basically already lost the battle. If you do, then there's no point in confining them to your idea of what's safe.

--
David Champion • d...@bikeshed.us
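Two technical points are made in this thread: Derek's, that a .muttrc can itself run commands at parse time (the my_var=`...` form quoted in both replies above), and David's, that building mutt with SMTP support lets it deliver over a socket instead of forking a sendmail binary. The script below is an added example for an administrator who wants to see how many such vectors a single configuration file can carry; it is not mutt's code and not code posted by anyone in the thread. The mutt keywords it looks for (set, source with a trailing pipe, macro/bind, the variable names, and the <shell-escape>, <pipe-message>, <pipe-entry> and <enter-command> functions) are real mutt configuration syntax; note that mutt's variable for socket delivery is smtp_url, which is what the reply's "smtp_server" refers to. The function names, the finding categories and the sample configuration are this example's own. The variable list is deliberately incomplete, and mutt's built-in default bindings (for example `!`) never appear in the file at all, so a clean report does not mean the user has no route to a shell, which is exactly the thread's conclusion.

```python
"""Audit a mutt configuration for constructs that make mutt run a shell
command or an external program.

Added example for the mutt-users thread; not mutt's code and not any
poster's code. The mutt keywords are real; the sample config, the
function names and the finding categories are assumptions of this example.
"""
import re

# Variables whose value mutt hands to a shell (or execs) when it is used.
# Deliberately not exhaustive: mailcap entries, hooks that set these
# variables later and mutt's built-in default key bindings are not visible
# in the file, which is why a clean report proves little.
EXEC_VARIABLES = {
    "editor", "visual", "pager", "sendmail", "shell", "ispell",
    "query_command", "display_filter", "print_command", "tunnel",
}

# Functions a macro/bind line can attach to a key to spawn a process, or
# (<enter-command>) to change any of the variables above at runtime.
EXEC_FUNCTIONS = ("<shell-escape>", "<pipe-message>", "<pipe-entry>",
                  "<enter-command>")

BACKTICK = re.compile(r"`[^`]*`")                             # `cmd` substitution
SET_VAR = re.compile(r"^\s*set\s+(?:no|inv)?([A-Za-z_]\w*)")  # set [no|inv]name
SOURCE_PIPE = re.compile(r'^\s*source\s+"?[^"]*\|\s*"?\s*$')  # source "cmd |"


def audit_muttrc(text):
    """Return [(line_no, category, line)] for every construct in a muttrc
    that can run an external program when the file is loaded or used."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Evaluated while the file is parsed, before the user sees mutt:
        if BACKTICK.search(line):
            findings.append((no, "backtick command substitution", raw))
        if SOURCE_PIPE.match(line):
            findings.append((no, "source reads from a command", raw))
        # Evaluated later, when the variable or the key is used:
        m = SET_VAR.match(line)
        if m and m.group(1) in EXEC_VARIABLES:
            findings.append((no, "exec variable " + m.group(1), raw))
        if line.startswith(("macro ", "bind ")):
            for fn in EXEC_FUNCTIONS:
                if fn in line:
                    findings.append((no, "key bound to " + fn, raw))
    return findings


def uses_smtp_delivery(text):
    """True if the config sets smtp_url, i.e. mutt delivers over a socket
    instead of forking $sendmail (the suggestion in the reply above)."""
    for line in text.splitlines():
        m = SET_VAR.match(line)
        if m and m.group(1) == "smtp_url":
            return True
    return False


# Constructed sample configuration for this example (not a real user's file).
SAMPLE_MUTTRC = """\
# sample muttrc
set realname = "Example User"
set my_host = `hostname -f`
set editor = "vim"
set smtp_url = "smtp://localhost:25/"
source "~/bin/make-muttrc |"
macro index ,x "<shell-escape>id<enter>" "run a command"
set sort = threads
"""

if __name__ == "__main__":
    for no, kind, line in audit_muttrc(SAMPLE_MUTTRC):
        print(f"line {no}: {kind}: {line}")
    print("smtp delivery configured:", uses_smtp_delivery(SAMPLE_MUTTRC))
```

Run against the sample it reports four findings (the backtick on line 3, editor on line 4, the piped source on line 6 and the macro on line 7) and confirms smtp_url is set. To audit real files, feed it the contents of ~/.muttrc and of every file that muttrc sources.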
Re: Correct syntax of send hook
On Sun, May 11, 2014 at 07:54:16AM -0400, Patrick Shanahan wrote:
> * Guy Gold g...@merl.com [05-11-14 07:38]:
> > On Sat, May 10 06:49 PM, Derek Martin wrote:
> > > Mostly I reply here due to a curiosity: Why is 'messed' in single quotes here? I see people do this increasingly often, and I don't get why.
> >
> > Are you implying that the single quotes should have been escaped then? ;)
>
> IIUC, the comment pertains to the comment rather than the syntax of send hook, i.e. correct usage of the English written word.

I believe he understood that and was making a joke, i.e. in English, should the single quotes be escaped then. At least I laughed. :)

More worrying are the strange ammendments that American English is imposing (or has imposed) on us people who speak the proper English!

--
"If you're not careful, the newspapers will have you hating the people who are being oppressed, and loving the people who are doing the oppressing." --- Malcolm X
Re: Correct syntax of send hook
On 2014/5/11 11:08 PM, Chris Bannister wrote:
-snip-
> More worrying are the strange ammendments that American English is imposing (or has imposed) on us people who speak the proper English!

I'm sorry, but as an American I have to come out of lurk mode for this... What you tried to write, Chris, refers to those who speak in the nominative case. The phrase at the end of your sentence should therefore begin "we", not "us". May I suggest "we who speak proper English!" instead of "us people who speak the proper English!"

Regarding "strange ammendments [sic] that American English is imposing", I for one am appalled by what I regularly hear on the BBC World Service (radio).

Ciao - Mark.
Re: Correct syntax of send hook
On Sat, May 10 06:49 PM, Derek Martin wrote:
> Mostly I reply here due to a curiosity: Why is 'messed' in single quotes here? I see people do this increasingly often, and I don't get why.

Are you a coder, Derek? I use single quotes when I'm coding because it's faster; I don't have to hit the shift key. Perhaps the objectionable text you saw came from a coder.

Ciao - Mark.
Re: Correct syntax of send hook
While I'm glad you've got your syntax working, it is often easier (and more flexible) to move tricky shell incantations off into a script.

As an example, I run a specialish vim incantation as my mutt editor. My muttrc just says:

    set editor=muttedit

and muttedit is a script in my bin directory, code here:

    https://bitbucket.org/cameron_simpson/css/src/tip/bin/muttedit

It in turn sets editor to vim-flowed, which is a small wrapper for vim that puts it in a suitable mode for editing email with format-flowed:

    https://bitbucket.org/cameron_simpson/css/src/tip/bin/vim-flowed

Stuffing all that directly into a muttrc would be painful and near impossible to debug, at the least. Writing yourself a special purpose shell script makes your muttrc simple and puts the code somewhere where it doesn't need lots of nested escaping.

Just a thought.

Cheers,
--
Cameron Simpson c...@zip.com.au

Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. - Brian W. Kernighan