Lars Kellogg-Stedman <lars(_at_)software3(_dot_)bu(_dot_)edu> writes:
I've included two recipes below.
These recipes both work, and are therefore dangerous. Folks, you
*must* be paranoid, or someone else will take you to the security
cleaners. Giving someone a recipe like this is like giving someone
a window lock... which opens from both sides. Doing it right isn't
*that* much harder, is it?
...
# This checks the message body for a 'begin' line, and if it finds one
# uudecodes the message.
:0bDB
* ^begin
* ^end$
| (cd files_directory; awk '/begin/,/end/' | uuconvert)
It's such a simple change to make it safe:
:0bDB
* ^begin
* ! ^begin.*[^-a-z0-9A-Z_.]
* ^end$
| (cd files_directory; awk '/begin/,/end/' | uuconvert)
That one new condition will protect you from uudecoding to outside of
the "files_directory" directory, and will limit filesnames in there to
alphanumerics, '_', '.', and '-'.
Note that the following recipe does *not* protect you:
:0bDB
* ^begin +[-0-9a-zA-Z_.]+( )
* ^end$
| (cd files_directory; awk '/begin/,/end/' | uuconvert)
Just consider a message that contains:
begin ../.procmailrc 644
Mskfhskjfsdkjhfsdkjhdskj
...
Msk
end
begin foo 644
Please don't give up security for the sake of conveniance. It'll only
cost you in the end.
Philip Guenther