On Mon, 12 May 1997, Eric Daniel wrote:
1) Assuming the pipe action is disabled, can I be sure that procmail does not
provide any other way of executing commands?
One thing might be to put your mail hub on a machine which is
binary-incompatible with the workstations on your network. It will
make it that much harder for users to compile programs to even *try* to
run if they don't know what platform they are compiling for. Hee hee hee.
Another thing you should see if you can do is modify the procmail source
(note: I haven't bothered to do this, because I don't work for an
educational institution ;-) so that it immediately sets DROPPRIVS as
it reads in a users .procmailrc - that way, if they execute any programs
they won't have any special priviledges.
You might also want to play some games with /bin/sh on that machine so they
can't run shell scripts either.. (even if they talk procmail into
letting them). While I know these aren't really the solutions you're looking
for, they are an interesting angle at even more marginally increasing
system security.
--
Wesley W. Garland | ISO: FM-Synth Patches/Editors, pref DX-100
Queen's University | -=<>=-
CISC Department | I feel like my life is just a little
Kingston, ON, Canada | umop apisdn * upside down * umop apisdn