procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: When is a .forward not a .forward

1997-12-06 14:25:28
from [Stan Ryckman] [Permanent Link] 
My understanding of the .forward policy is that a symlink need not
share the permissions of its target.  Therefore somebody's .forward
symlink could have proper permissions, while it's target could be
writable by others.  This would allow anybody with the write
permissions to execute any program (potentially) from the user's
.forward file.


There's also the "different filesystem" problem... the MTA could
"see" a symlinked pointing to a different filesystem than
it was actually intended to point to, since the MTA may run on
a different host than the user, and the mounts may differ.

The link could always be followed and the permissions of the
target evaluated, if permissions were the only problem.

Cheers,
Stan
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Send list to incoming folder, Kwoody
Next by Date:  Re: Send list to incoming folder, gsutter
Previous by Thread:  When is a .forward not a .forward, Werner Reisberger
Next by Thread:  procmail after sendmail, Jameson Burt
Indexes:  [Date] [Thread] [Top] [All Lists]