procmail

Re: Preventing execution of arbitrary programs

1997-05-19 11:51:00
Eric Daniel <edaniel(_at_)EESUN2(_dot_)tamu(_dot_)edu> wrote:
For security purposes, I would like to prevent users from executing arbitrary
commands on my mail hub by using smrsh. I disabled the logins on that
machine, and a .forward with a pipe would be a way to turn around that
restriction.

At the same time, it would be nice to allow procmail, but then, of course,
the pipe action kind of defeats the purpose of smrsh.

In the most recent procmail (v3.11pre7) there is a hitherto undocumented
macro which disables execution of any and all programs.  Simply include

        #define RESTRICT_EXEC

in the config.h file (before compiling).

The reason why this isn't documented yet is because it needs a bit more
work to make it more flexible, like allowing program execution for
user ids below 100 and/or allowing program execution from the site-wide
/etc/procmailrc file.
-- 
Sincerely,                                                          
srb(_at_)cuci(_dot_)nl
           Stephen R. van den Berg (AKA BuGless).

"Father's Day: Nine months before Mother's Day."
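
Before building procmail with RESTRICT_EXEC, an administrator may want to know which existing rc files depend on running programs. The following Python audit is an added example, not part of the original message or of procmail itself; it flags pipe actions, `?` exit-code conditions, and backtick or pipe assignments. The function names and the sample rc file are constructed for illustration.

```python
import re

RECIPE_START = re.compile(r"^:0")          # ":0 [flags] [: lockfile]"
EXEC_COND = re.compile(r"^\*\s*!?\s*\?")   # "* ? cmd": condition is a program's exit code
ASSIGN = re.compile(r"^[A-Za-z_]\w*\s*=")  # VAR=value

def logical_lines(text):
    """Yield (first_line_no, text); joins backslash continuations, skips blanks/comments."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        start = start if buf else no
        buf += raw.strip()
        if buf.endswith("\\"):
            buf = buf[:-1] + " "
            continue
        if buf and not buf.startswith("#"):
            yield start, buf
        buf = ""

def find_exec(text):
    """Return [(line_no, kind, text)] for each construct that runs a program."""
    hits, in_recipe = [], False
    for no, line in logical_lines(text):
        if RECIPE_START.match(line):
            in_recipe = True
        elif in_recipe and line.startswith("*"):
            if EXEC_COND.match(line):
                hits.append((no, "exit-code condition", line))
        elif in_recipe:
            in_recipe = False  # first non-condition line after ":0" is the action
            if line.startswith("|"):
                hits.append((no, "pipe action", line))
        elif ASSIGN.match(line):
            value = line.split("=", 1)[1].lstrip()
            if "`" in value or value.startswith("|"):
                hits.append((no, "command assignment", line))
    return hits

SAMPLE = r"""# constructed sample rc file (not from the thread)
MAILDIR=$HOME/Mail
HOST=`hostname`
:0
* ^From:.*list@example\.org
lists
:0 c
* ? test -f $HOME/.vacation
| /usr/bin/vacation \
    user
"""
```

Calling `find_exec(SAMPLE)` reports the backtick assignment, the `?` condition and the pipe action with their line numbers; plain mailbox deliveries and `!` forwards are not flagged.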
