procmail

Re: Weird error message

1997-11-03 17:27:45
Charles Gagnon <charlesg(_at_)Nynexst(_dot_)COM> writes:
> Hey guys, how can I get rid of that one:
>
> procmail[17700]: Denying special privileges for "/etc/procmailrcs/rc.oldemploy"
>
> rc.oldemploy is a procmailrc file executed by this script:
>
> #!/bin/sh
> PATH=$PATH:/usr/local/bin ; export PATH
> procmail -m     DEFAULT=/dev/null                       \
>                MAILDIR=/tmp                            \
>                /etc/procmailrcs/rc.oldemploy
>
> It's called in by a mail alias to do a reply automatically.

To quote the DIAGNOSTICS section of procmail(1) manpage:

     Denying special privileges for "x"
                            Procmail will not take on the identi-
                            ty that comes with the rcfile because
                            a security violation was found (e.g.
                            - p  or  variable  assignments on the
                            command line) or procmail had  insuf-
                            ficient privileges to do so.

The first question is whether you _want_ procmail to be executing as
the owner of rc.oldemploy.  If not, then put that rcfile anywhere but
inside /etc/procmailrcs and your problem is solved.  This is also the
safest option.

Otherwise:

If the assignments to DEFAULT and MAILDIR are the same for every use of
rc.oldemploy then you should just move them to the start of
rc.oldemploy.  If they need to change, then you can instead pass them
into procmail as arguments instead of assignments, and then do
assignment inside after sanity and security checking them:

rc.oldemploy:

        # set the defaults:
        DEFAULT = whatever
        MAILDIR = whatever-2
        
        # If we have arguments, expect both
        :0
        * $ $#^0
        {
            default = $1
            maildir = $2

            :0
            * default ?? ^^(/dev/null|regexp-of-other-safe-values)^^
            { DEFAULT = $default }
            :0 E
            { # bad value for default.  Scream and exit with EX_NOPERM.
              LOG = "Illegal value for DEFAULT"
              EXITCODE = 77 # EX_NOPERM
              HOST
            }

            :0
            * maildir ?? ^^similar^^
            { MAILDIR = $maildir }
            :0 E
            { # bad value for maildir.  Scream and exit with EX_NOPERM.
              LOG = "Illegal value for MAILDIR"
              EXITCODE = 77 # EX_NOPERM
              HOST
            }
        }

and the script becomes:

        #!/bin/sh
        PATH=/usr/local/bin:$PATH ; export PATH
        procmail -m /etc/procmailrcs/rc.oldemploy /dev/null /tmp


BEWARE: /tmp is almost certainly not safe for MAILDIR.  As an
alternative to exiting in such a case, you could have it reinvoke
procmail, passing the default and maildir values as command line
assignments, causing it to instead lose its special privileges:

        ...
            :0
            * default ?? ^^(/dev/null|regexp-of-other-safe-values)^^
            { DEFAULT = $default }
            :0 E
            |procmail -m DEFAULT="$default" MAILDIR="$maildir" $_
        ...

Be very *careful* when writing the regexps for matching safe values for
DEFAULT and MAILDIR.  One slip and the account that owns rc.oldemploy
will be wide open for public access.

Philip Guenther
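
The warning above about the regexps for safe DEFAULT and MAILDIR values, as an added example that is not part of the original message: an alternation that is not grouped between its anchors accepts values the allow-list never intended. It assumes grep -E as a stand-in for procmail's matcher (with `^` and `$` in place of `^^`), and the spool path and sample values are constructed.

```shell
#!/bin/sh
# Added example. The allow-listed paths are constructed placeholders.
# grep -E stands in for procmail's matcher: "^" and "$" play the role of "^^".

NL='
'

# Ungrouped alternation: "^" binds only to the first branch and "$" only to
# the last, so this accepts anything that starts with /dev/null or ends with
# an allowed spool path.
loose_match() {
    printf '%s\n' "$1" | grep -Eq '^/dev/null|/var/spool/oldemploy/[a-z]+$'
}

# Grouped alternation anchored at both ends. grep tests each line on its own,
# so empty and multi-line values are rejected before the regex runs.
strict_match() {
    case $1 in
        ''|*"$NL"*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq '^(/dev/null|/var/spool/oldemploy/[a-z]+)$'
}

# Constructed sample values: two intended ones, then three that must fail.
for v in \
    "/dev/null" \
    "/var/spool/oldemploy/archive" \
    "/dev/null.bak" \
    "/home/other/var/spool/oldemploy/archive" \
    "/dev/null${NL}/some/other/path"
do
    loose=reject; strict=reject
    if loose_match "$v"; then loose=accept; fi
    if strict_match "$v"; then strict=accept; fi
    printf 'loose=%-6s strict=%-6s value=%s\n' "$loose" "$strict" "$v"
done
```

Only the first two values pass the strict check, while the loose check accepts all five.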
