procmail

Re: smrsh/.forward

2000-05-02 15:11:16
On Tue, May 02, 2000 at 11:43:20PM +0200, Martin MOKREJS wrote:

On Sun, 30 Apr 2000, Michael hall wrote:

Using the example '.forward' included in the distribution:

"|IFS=' ' && p=/usr/local/bin/procmail && test -f $p && exec $p -Yf- || exit 75 #YOUR_LOGIN_NAME"

Causes complaints from 'smrsh' about illegal characters ('|','&'). What's the
best way to get around this or how do others handle this? Rewrite it and
don't use '&&', '||'?

I think so. If you define in /var/adm/sm.bin (or whatever the trusted
smrsh binary executables directory is) a link to /usr/local/bin/procmail
then you say you trust this file - it's not a suspicious link or file
owned by non-root user etc. I think allowing /bin/sh is the same as
allowing && and || (i.e. forget about smrsh and convert back to /bin/sh).

I did have the link, smrsh itself was refusing to execute the command though
because it contained the && and ||, which are defined and not allowed by smrsh.
After thinking about it, it was really trivial to fix. Just wrote a small
wrapper:

(/usr/libexec/smrsh/procmail)
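#!/bin/sh
# Wrapper kept in the smrsh directory so .forward needs no shell operators.

IFS=' '
p=/usr/local/bin/procmail

# Hand the message to procmail; exit 75 (temporary failure) if it is missing.
test -f "$p" && exec "$p" "$@" || exit 75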

And then changed the .forward to

"|/usr/libexec/smrsh/procmail -t #mhall"

Even, I think smrsh takes care if /usr/local/bin/procmail really exists
and is a file, if some test fails then MTA sends the message back, setting
the proper EXITCODE anyway.

BTW: The `YOUR_LOGIN_NAME' part can be omitted - it obeys some very old
and long time fixed bug in sendmail ... I was told.

But these are just my guesses, completely untested.

Yeah, I'll clean it up sometime as I think some of the checks aren't needed
either and I use the '-t' with procmail anyway, so it should just return a
soft error and the message would be returned to the queue and tried later.
Just wanted to get it working again for now and worry about the details later.

--
Press <Ctrl><Alt><Del> to read the next message.

Mike Hall,
Unix Admin   - Rock Island Communications <mikeh(_at_)rockisland(_dot_)com>
System Admin - riverside.org              <mhall(_at_)riverside(_dot_)org>
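
A pre-flight check for the situation discussed in this thread, as an added example that is not part of the original messages or of sendmail/procmail: it tests one .forward entry for the two characters the thread reports smrsh rejecting and for the program's presence in the smrsh directory. The function name, return codes and the directory argument are assumptions of this example; a given smrsh build may reject a different character set.

```shell
#!/bin/sh
# Added example (not from the thread): check one .forward entry before
# sendmail hands it to smrsh.
# Assumptions: only '&' and '|' are flagged, the two characters the thread
# reports; the smrsh directory is passed in as the second argument.

check_forward_line() {
    line=$1
    dir=$2

    # Drop one pair of surrounding double quotes, as used in .forward.
    case $line in
        \"*\") line=${line#\"}; line=${line%\"} ;;
    esac

    # Only "|command" entries are run through smrsh.
    case $line in
        '|'*) cmd=${line#'|'} ;;
        *) echo "not a pipe entry"; return 1 ;;
    esac

    # Shell operators left in the command are what smrsh complained about.
    case $cmd in
        *'&'*|*'|'*) echo "rejected: '&' or '|' in command"; return 2 ;;
    esac

    # smrsh strips the leading path and looks the program up in its own
    # directory, so only the basename of the first word matters.
    set -f; set -- $cmd; set +f
    prog=${1-}
    prog=${prog##*/}
    if [ -n "$prog" ] && [ -f "$dir/$prog" ] && [ -x "$dir/$prog" ]; then
        echo "ok: $dir/$prog"
        return 0
    fi
    echo "rejected: '$prog' not found in $dir"
    return 3
}

# Stand-alone use: sh check.sh '"|/path/prog args"' [smrsh-dir]
if [ "$#" -ge 1 ]; then
    check_forward_line "$1" "${2:-/usr/libexec/smrsh}"
fi
```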
