On Tue, May 20, 1997 at 10:55:15PM -0500, Philip Guenther wrote:
All the more reason to rip it [the sendmail.cf] out and start afresh.
Stop worrying about what it currently does and start thinking about what
it _should_ do. Of course, I recommend that test it *very* thoroughly
before installing it...
Alas, it's impossible. System is maintained by more experienced
people than me, sendmail itself is tweaked to do extra logging (grabbing more
money from customers :), its configs are really complicated with several
unusual fatures, etc :(
Okay, that's their problem then. As long as you're getting the envelope
recipient on the command line you should be fine.
*sigh* I'm tempted to return to the old variant, when
I had .forward and .procmailrc. That thing lost envelope to, but at
least ran as halyava.nouser instead of halyava.wheel...
Something is going here... after some tinkering with
contents of /etc/procmailrcs/halyava (I'll be damned if I know what
was changed...) it started to work as user halyava, but with group
wheel. Worse, it now says:
procmail: Executing "perl -0777 -pe 's:\n+:|:g;s:[\s|]+$::;'
/u/halyava/.bozos
"
No -e allowed in setuid scripts.
procmail: Assigning "BOZOS="
Ick, perl's being too smart and is detecting the fact that EGID != RGID.
I'm going to send another copy of the bottom of this message to Stephen,
the author of procmail, to see if he has any ideas on what to do here.
I've found where is the problem with perl starts -- I've removed
setuid bit on the procmail. I've set it back and perl stopped complaining,
but still I have procmail running with gid=0 :( Not an instant root, but
a very weak spot in the security... Why procmail doesn't have
variables GID and UID? *grumble* *grumble*
--
Roman V. Isaev Moscow, Russia
========================================================
Homepage ------------> http://accessnet.ru/lp/rm/index.html
Obscene limericks ---> http://accessnet.ru/lp/rm/eng/elim.html
Firearms in Russia --> http://accessnet.ru/lp/rm/eng/firearms.html