"Scott J. Kramer" <sjk(_at_)lux(_dot_)com> writes:
On Jan 15, 11:38, Philip Guenther wrote:
Subject: Re: Procmail from the aliases file? (again)
[... orig deleted ... ]
Procmail _will_ follow symlinks from /etc/procmailrcs/whatever, but whoever
makes the link needs to be careful: the file will be processed as the
owner of the _symlink_ *not* the owner of the underlying file.
That's good to know since many file copying strategies don't preserve
symlink ownership when creating the target as root, such as `ufsrestore'
on Solaris 2. Others do, like Solaris 2's and newer versions of GNU
`tar'. Relying on the ownership of a symlink is foolish, and a security
buglet in `procmail' if indeed what you say is true (I'm too lazy to
check right now).
Well, I can see reasons for _not_ simply using the uid/gid of the
pointed to file. Solaris 2's ufsrestore is broken if it does what you
say, but I'm not surprised. I think probably the best thing would be
for procmail to use the uid/gid of the pointed to file, but only if the
symlink was either owned by that uid or by root. Anything else should
result in an unchanged uid/gid. That should keep anything _too_
unexpected or dangerous from happening
And if you want to follow the convoluted logic yourself, check out the
'if' statement at around line 400 of procmail.c
Philip Guenther