security in /etc/procmailrc

procmail

security in /etc/procmailrc

1998-07-30 11:27:02

Someone suggested,

| >   - If you get really desparate, how about putting the line...
| >
| > INCLUDERC=$HOME/.procmailrc
| >
| > ...into the master .procmailrc file?

and Chris Lindsey asked,

| What user does it run this as?  Not the userid of the envelope
| recipient, right?  So this could be a potential security
| problem...

OK then ...

  DROPPRIVS=yes
  INCLUDERC=$HOME/.procmailrc

If procmail knows the envelope recipient in order to determine whose home
is "$HOME", then it knows whose privileges to take when it drops those of
root.

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Only global filters work (1 for all users), but we want to use 1 or + filters for each user., Ebrainer Re: Only global filters work (1 for all users), but we want to use 1 or + filters for each user., Walter Dnes Re: Only global filters work (1 for all users), but we want to use 1 or + filters for each user., Christopher Lindsey security in /etc/procmailrc, David W. Tamkin <= Re: security in /etc/procmailrc, Richard Hopkins

Previous by Date:	Re: Procmail, sxr
Next by Date:	Procmail features wishlist, John D. Hardin
Previous by Thread:	Re: Only global filters work (1 for all users), but we want to use 1 or + filters for each user., Christopher Lindsey
Next by Thread:	Re: security in /etc/procmailrc, Richard Hopkins
Indexes:	[Date] [Thread] [Top] [All Lists]