procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Why is softlink / hardlink "BOGUS" ?

1996-05-27 20:58:14
from [Stephen J. Turnbull] [Permanent Link] 
"Philip" == Philip Guenther <guenther(_at_)gac(_dot_)edu> writes:


    Philip> Jan Vicherek <honza(_at_)ied(_dot_)com> writes:
    >> Second, I came up with the following patch. It allows me not to
    >> use ~root/.procmailrc for shared /var/spool/mail on local
    >> net. So now I have /var/spool/mail/root ->
    >> /filesystem/local/to/machines/root_mailbox

    Philip> This a) should be controllable on a per-recipe basis; b)
    Philip> should default to off; and c) is almost certainly a
    Philip> security hole: you are no longer certain that procmail is
    Philip> writing to the file specified, as it could be a symlink
    Philip> anywhere.  If the 'foo' account doesn't have a mailbox in
    Philip> /var/spool/mail then someone could just say "ln -s ~
    Philip> foo/.rhosts /var/spool/mail/foo" Then do:

    Philip> procmail -f $USER -d foo <<EOF

    Philip> + + EOF

    Philip> Followed by "rlogin -l foo localhost", no?

This would work on my machine, even for a guest account
(/var/spool/mail is 777, and procmail is 4555).  However, "ln 
~foo/.rhosts ..." would not work; /{home,etc} and /var are on different
file systems.  So you could limit the damage by separating the file
systems (it sounds like Jan probably is doing so), and not permitting
softlinks.  The /var file system is just too open to attacks and
stupidity (eg, several of my users never move any of their mail out of
their Pine INBOXes, and a couple are well over 1MB; I The Admin, Lord
of All I Survey, once had debug enabled on my ftpd and syslog grew to
5MB within a week with all those PORT commands :-P), so I prefer to
have /var on a separate file system.

    Philip> Is creating ~root/.procmailrc so difficult that this is
    Philip> better?

:-)

Also, all the textbooks I've ever seen recommend that Postmaster and
Root mail be forwarded to a real user.  In that case it makes sense to 
create a global alias which would presumably be in a shared
/etc/aliases file.  In fact, this ought to work for Jan; he just sets
the mailbox for the root user on the machine containing the
/filesystem/local/to/machines file system to root_mailbox, and then
direct all root mail there.

-- 
                           Stephen John Turnbull
University of Tsukuba                                        Yaseppochi-Gumi
Institute of Policy and Planning Sciences  http://turnbull.sk.tsukuba.ac.jp/
Tennodai 1-1-1, Tsukuba, 305 JAPAN                 
turnbull(_at_)sk(_dot_)tsukuba(_dot_)ac(_dot_)jp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  SmartList., Richard D. Sheffar
Next by Date:  Re: I need procmail to "bounce" a message to the sender, Sacha Sardo Infirri
Previous by Thread:  Re: Why is softlink / hardlink "BOGUS" ?, Philip Guenther
Next by Thread:  Re: Why is softlink / hardlink "BOGUS" ?, David W. Tamkin
Indexes:  [Date] [Thread] [Top] [All Lists]