procmail
[Top] [All Lists]

Re: Triggering activities through email

1997-06-19 09:20:00

| OK for this one, I just would like the original sender to understand that 
| executing a command with a parameter from the outside can be *dangerous*. 

Absolutely!  But precautions can be taken, such as restricting $MATCH to
characters legitimate in a hostname:
...
or at the very least, quotes around "$MATCH" to defuse semicolons:
...
As Stephane has warned us, one must be extremely careful in running commands
that are taken from incoming mail (or whose parameters are taken from incom-
ing mail).

How about:

Send the body to a script at the destination.

The script scans the body for two begin and end flag strings,
   then uses PGP or something similar to decrypt the characters
   between the flag strings.
   Finally, it executes the decrypted string.

For any person to execute any command, that person must:
  1. Know the encryption key
  2. Make his mail match your recipe conditions
     (i.e. forgery, if the conditions are set up right)

For additional security, you can do tricks within the script
to reject certain commands (or any command not on a particular
list).  Or you can only accept certain "pseudo-commands" in
the decrypted string, and use those as options in a case (switch)
construct containing the real commands.

<Prev in Thread] Current Thread [Next in Thread>