Eric Daniel <edaniel(_at_)EESUN2(_dot_)tamu(_dot_)edu> wrote:
So my questions are:
1) Assuming the pipe action is disabled, can I be sure that procmail does not
provide any other way of executing commands?
The RESTRICT_EXEC method is guaranteed to be 100% secure.
3) Same questions about formail
Alas, the RESTRICT_EXEC method also disables the use of formail.
The only 100% secure method to allow formail (and a select set of other
programs) to execute would be by use of a chroot()ed environment. This,
however, becomes a bit impractical, unless all programs and all mailfolders
of a recipient are accessible within the chroot()ed environment (possible,
but not a trivial task).
--
Sincerely,
srb(_at_)cuci(_dot_)nl
Stephen R. van den Berg (AKA BuGless).
"Father's Day: Nine months before Mother's Day."