procmail

correction: preventing execution

1997-05-13 12:07:00
I wrote, not noticing the ambiguity,

| One thing about procmail is that, as soon as it reads an rcfile other than
| /etc/procmailrc [or something under the /etc/procmailrcs/ directory with no
| backreferences (no "/../" to sneak out of the tree)], it gives up its setuid
| privileges and changes uid to that of the owner of the rcfile.

Let me rephrase that:

 One thing about procmail is that, as soon as it reads an rcfile other than
 (1) /etc/procmailrc or (2) an rcfile under the /etc/procmailrcs/ directory
 with no parent references (no keeping privileges if there is a "/../"
 because enough "/../" will sneak out of the tree) -- for example, as soon
 as it reads a user's $HOME/.procmailrc -- it gives up its privileges and
 changes uid and gid to that of the owner of the rcfile.

Sorry about that.

Anyhow, the point is that commands called from the user's .procmailrc with
pipes or backticks will *not* run as root, so there is no need to disable
those facilities of procmail.
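
The rule restated above, modelled in C as an added example; it is not part of the original message and is not taken from procmail's source. The names `keeps_privileges` and `drop_to_owner` and the sample paths are hypothetical.

```c
/* Added example: models the rule as described in the message above.
   Not taken from procmail's source; function names are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define SYS_RCFILE "/etc/procmailrc"
#define SYS_RCDIR  "/etc/procmailrcs/"   /* trailing slash matters */

/* 1 = privileges are kept while reading rcfile, 0 = they must be dropped. */
int keeps_privileges(const char *rcfile)
{
    if (strcmp(rcfile, SYS_RCFILE) == 0)
        return 1;
    if (strncmp(rcfile, SYS_RCDIR, strlen(SYS_RCDIR)) != 0)
        return 0;                 /* not under the trusted directory */
    if (strstr(rcfile, "/../") != NULL)
        return 0;                 /* parent reference could leave the tree */
    return 1;
}

/* Become the owner of rcfile. Returns 0 on success, -1 on any failure. */
int drop_to_owner(const char *rcfile)
{
    struct stat st;
    if (stat(rcfile, &st) != 0)
        return -1;
    if (setgid(st.st_gid) != 0)   /* gid first; after setuid it cannot change */
        return -1;
    if (setuid(st.st_uid) != 0)
        return -1;
    if (st.st_uid != 0 && setuid(0) == 0)
        return -1;                /* root was regained: the drop did not hold */
    return 0;
}

int main(void)
{
    /* Constructed sample paths. */
    const char *paths[] = { "/etc/procmailrc", "/etc/procmailrcs/lists.rc",
        "/etc/procmailrcs/../passwd", "/etc/procmailrcs-x/a.rc",
        "/home/alice/.procmailrc" };
    for (size_t i = 0; i < sizeof paths / sizeof paths[0]; i++)
        printf("%-32s %s\n", paths[i],
               keeps_privileges(paths[i]) ? "keep" : "drop to owner");
    return 0;
}
```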