On Tue, 26 Feb 2002, Trevor Jenkins wrote:
and in /etc/procmailrc
This is the heart of the matter. Does the co-existence of /etc/procmairc
and ~/.procmailrc require that the former has an INCLUDERC= clause in it?
No. Procmail reads both /etc/procmailrc and ~/.procmailrc.
However, procmail applies certain safety checks to ~/.procmailrc that it
does not apply when processing an INCLUDERC. I suspect that the use of
INCLUDERC in /etc/procmailrc in the case above, is designed to allow the
reading of a file that is writable, by the web UI, under some user or
group ID that procmail would normally consider "unsafe."
I believe the correct thing in this case would be to assign DROPPRIVS
before assigning INCLUDERC; otherwise the $HOME/procmailrc.sms file may be
executed with root permissions, which would be a Bad Thing if the user is
allowed to include shell commands etc.
procmail mailing list