For security purposes, I would like to prevent users from executing arbitrary
commands on my mail hub by using smrsh. I disabled the logins on that
machine, and a .forward with a pipe woule be a way to turn around that
restriction.
At the same time, it would be nice to allow procmail, but then, of course,
the pipe action kind of defeats the purpose of smrsh.
So my questions are:
1) Assuming the pipe action is disabled, can I be sure that procmail does not
provide any other way of executing commands?
2) Has anyone else attempted to disable it (the source of procmail looks a
little, hemm, obfuscated, and I'm not sure what I would need to change)
3) Same questions about formail
Thanks,
--
Eric Daniel -- System administrator
edaniel(_at_)ee(_dot_)tamu(_dot_)edu
Dept. of Electrical Engineering, Texas A&M University fax: (409) 845 6259
finger edaniel(_at_)ee(_dot_)tamu(_dot_)edu for PGP public key
phone:(409) 845 7530