gerg(_at_)wco(_dot_)com writes:
Philip Guenther <guenther(_at_)gac(_dot_)edu> writes:
Procmail's operation runs something like this:
    Parse command line flags (-d, -p, -f, -m, etc)
    Clean up the environment
    Figure out whether the invoking user is 'trusted'
    Set up signals and file descriptors
    Handle the "From " line
    Read in the entire message
    If in the delivery mode, fork for each user (one at a time)

At or before this point it also does:
    Check mailbox ownership and rename it to BOGUSxxx if it's wrong

That would be the screen $ORGMAIL step below. The "Become the correct
user" step is really smeared from where I put it below to the far side
of the "Open an rcfile" step, depending on what mode procmail is in.

    Become the correct user
    Set ORGMAIL, HOME, DEFAULT; set the umask
    if not mailfilter mode, screen $ORGMAIL (check for links, permissions)
    Handle command line assignments; set up $1, $2, etc
    LOOP: {
        Open an rcfile
        LOOP: {
            process a line
        } while there are lines
    } while there are rcfiles left.
...

To a large extent, this isn't procmail's problem. The /etc/passwd
file should be corrected. Still, I wish procmail could, when
compiled with HOMEDIRMAIL, either perform the checks after becoming
the user (so directory permissions could prevent mis-delivered mail),
or bail out of the delivery when the home directory isn't owned by
the user.

I'll look at adding a #define that would tell procmail that it should
never need extra-privileges when screening the mailbox. I've filed it
on my todo list as an enhancement.

Philip Guenther
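
Added example (not procmail source and not from either poster): a C sketch of the "bail out of the delivery when the home directory isn't owned by the user" check discussed in the thread above. The names screen_home(), demo() and the HOME_* codes are hypothetical, and the scratch directory under /tmp is constructed to stand in for a home directory.

```c
/* Added example, not procmail code. All names here are hypothetical. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum home_status { HOME_OK, HOME_MISSING, HOME_NOT_DIR, HOME_WRONG_OWNER };

/* Decide whether delivery into `home` may proceed for recipient `uid`.
 * lstat() does not follow a symlink at the path, so a link is reported
 * as "not a directory" rather than screened as its target. */
enum home_status screen_home(const char *home, uid_t uid)
{
    struct stat st;

    if (lstat(home, &st) != 0)
        return HOME_MISSING;
    if (!S_ISDIR(st.st_mode))
        return HOME_NOT_DIR;
    if (st.st_uid != uid)
        return HOME_WRONG_OWNER;   /* passwd entry points at someone else's directory */
    return HOME_OK;
}

/* Constructed self-check: returns the number of misclassified cases,
 * or -1 if the scratch directory or link could not be created. */
int demo(void)
{
    char dir[] = "/tmp/homechk.XXXXXX";
    char link[64];
    int bad = 0;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(link, sizeof link, "%s.lnk", dir);
    if (symlink(dir, link) != 0) { rmdir(dir); return -1; }
    bad += screen_home(dir, getuid()) != HOME_OK;               /* owner matches */
    bad += screen_home(dir, getuid() + 1) != HOME_WRONG_OWNER;  /* other uid */
    bad += screen_home(link, getuid()) != HOME_NOT_DIR;         /* symlink */
    unlink(link);
    rmdir(dir);
    bad += screen_home(dir, getuid()) != HOME_MISSING;          /* now removed */
    return bad;
}

int main(void) { return demo() != 0; }
```

A caller would treat anything other than HOME_OK as a reason to defer or bounce the message instead of writing into that directory.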