Ian T Zimmerman <itz(_at_)transbay(_dot_)net> writes:
I have often wondered what the purpose of the -o flag to procmail
is. The man page says
-o Instead of allowing anyone to generate `From ' lines,
simply override the fakes.
which isn't very illuminating (at least to me). Grepping trough
the source,
...
So it seems the only effect is to not do some things with From
lines if either -f or -d is specified at the same time, and
procmail is running without privilege. Why would that be useful?
As as security precaution, it could be defeated by not specifying
these other flags, or not?
The logic regarding the generation of the "From " line is very
tricky but it basically comes to this:
First of all, the final message will only have a "From " line if
either: a) the -f option was given; b) the -d option was given; or
c) it already had a "From " line.
Otherwise the message will be left "From "less.
Next, pick the first available addresses from the following and
call it the 'tentative sender':
the argument to the -f option (unless it's just a '-')
the address in an existing "From " line
the invoker's username
Now, consider whether the invoker is trusted and whether the -o
option was given:
1) If the invoker is trusted, the -o option has no effect and
procmail will use the tentative sender in the resulting 'From ' line.
2) If the invoker is not trusted and gave the -o option, then procmail
will leave just one "From " line with the invoker's username in
it. The -f option and the address in an existing "From " line
will be ignored/lost. If there was an address given via -f or an
existing "From " line the procmail will also syslog a message at
level LOG_ERR that says:
Attempt to fake stamp by "username"
3) If the invoker is not trusted and didn't give the -o option, then
procmail will compare the tentative sender with the invoker's
username. If they match then procmail will generate one "From "
line with that address. If they do not match, then procmail will
generate a "From " line with the tentative sender and immediately
following that a ">From " line with the invoker's username.
So, does it make any more sense now?
Yes and no. I still don't see WHY this particular (quite complex)
behavior was deemed useful. Basically, it only makes difference in a
suspect situation - when someone is trying to forge the info. Why
would they care in what way precisely they're foiled?
--
<itz(_at_)transbay(_dot_)net> general personal mail
<itz(_at_)prosa(_dot_)it> gpm (and|or) other free software (co)?maintained by me
<itz(_at_)lbin(_dot_)com> work - only if \$\$ is involved
Electing a quail for President might cause wierd affects,
such as school principles refusing to eat baked potatoe.