procmail

Re: Preventing execution of arbitrary programs

1997-05-14 09:48:00
"Wesley W. Garland" <wes(_at_)kingston(_dot_)airpost(_dot_)com> wrote:
On Mon, 12 May 1997, Eric Daniel wrote:
 1) Assuming the pipe action is disabled, can I be sure that procmail does not
provide any other way of executing commands?
One thing might be to put your mail hub on a machine which is 
binary-incompatible with the workstations on your network. It will
make it that much harder for users to compile programs to even *try* to
run if they don't know what platform they are compiling for. Hee hee hee.

% cat > .procmailrc
LOGFILE=$HOME/.procmail.log
:0
* ^Subject: Sneaky: \/.*
{
   LOG=`$MATCH`
}
^D
% mail -s "Sneaky: /bin/uname -a" `whoami` < /dev/null
% mail -s "Sneaky: /usr/bin/which perl" `whoami` < /dev/null
% sleep 5
% cat .procmail.log

Elijah
------
Please do not CC me when replying to the list.  It is not my responsibility to
prove to you my mail is not spam, if mail to you bounces it will not be resent.
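
An added example, not part of the original message or of procmail itself: a small Python audit that lists the lines of a procmailrc that cause procmail to run a program. It goes beyond the backtick assignment shown in the session above and also covers the pipe action, the `* ?` exit-code condition and the TRAP variable described in procmailrc(5). The name `audit_rc` and the sample rc text are constructed for illustration.

```python
import re

# Constructed sample: the rc file from the message above, followed by three
# other program-running forms (paths and commands are made up).
SAMPLE_RC = r"""LOGFILE=$HOME/.procmail.log
:0
* ^Subject: Sneaky: \/.*
{
   LOG=`$MATCH`
}
:0
* ? test -f $HOME/.vacation
| /usr/bin/vacation
TRAP="echo done"
"""

EXIT_COND = re.compile(r"^\*\s*(?:[-\d.]+\^[-\d.]+\s*)?!*\s*\?")  # "* ? cmd"
PIPE_ACT = re.compile(r"^(?:\w+\s*=\s*)?\|")        # "| cmd" or "VAR=| cmd"
ASSIGN = re.compile(r"^(\w+)\s*=(.*)$")

def audit_rc(text):
    """Return (line_no, kind, line) for each line that makes procmail run a program.
    Line-based heuristic: backslash continuations are not joined."""
    findings, in_recipe = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith(":"):              # ":0 flags" opens a recipe
            in_recipe = True
        elif in_recipe and line.startswith("*"):
            if EXIT_COND.match(line):         # condition decided by a program's exit code
                findings.append((no, "exit-code condition", line))
        elif in_recipe:                       # first non-condition line is the action
            in_recipe = False
            if PIPE_ACT.match(line):
                findings.append((no, "pipe action", line))
        else:
            m = ASSIGN.match(line)
            if m and "`" in m.group(2):       # backticks are run when assigned
                findings.append((no, "backtick assignment", line))
            if m and m.group(1) == "TRAP":    # TRAP is executed when procmail exits
                findings.append((no, "TRAP assignment", line))
    return findings

if __name__ == "__main__":
    for no, kind, line in audit_rc(SAMPLE_RC):
        print(f"line {no}: {kind}: {line}")
```
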
