I've gotten the following problem report from an admin running my
perl-based MIME sanitizer: whenever mail to one of the wheel group users
is received, perl complains about being run setuid.
Here's the /etc/procmailrc:
SHELL=/bin/ksh
DROPPRIVS=YES
LOGFILE=$HOME/procmail.log
PATH="/usr/local/bin;/usr/bin;$PATH"
LOG=`id`
INCLUDERC=/etc/procmail/html-trap.procmail
LOGFILE=/dev/null
And here's the first bit of the log, neatened up a bit:
uid=968(cyber) gid=0(wheel) egid=100(user) groups=100(user), 0(wheel),
6(uucp), 20(staff), 101(shell)
Sanitizing MIME attachment headers in "test" from David Monk
<cyber(_at_)ns(_dot_)vantek(_dot_)net> to cyber
No -e allowed in setuid scripts.
procmail: Program failure (255) of " perl -p -e ' #\
The gid/egid discrepancy is triggering the setuid warning. Shouldn't the
gid also be 100 after DROPPRIVS?
--
John Hardin KA7OHZ
jhardin(_at_)wolfenet(_dot_)com
pgpk -a finger://gonzo.wolfenet.com/jhardin PGP key ID: 0x41EA94F5
PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
-----------------------------------------------------------------------
Your mouse has moved. Windows NT must be restarted for the change
to take effect. Reboot now? [ OK ]
-----------------------------------------------------------------------
68 days until Daylight Savings Time ends