procmail

Re: help with .procmailrc

1999-09-02 22:36:41
Liviu Daia <Liviu(_dot_)Daia(_at_)imar(_dot_)ro> writes:
On 2 September 1999, era eriksson <era(_at_)iki(_dot_)fi> wrote:
On Thu, 02 Sep 1999 17:15:31 +0300, Liviu Daia <Liviu(_dot_)Daia(_at_)imar(_dot_)ro> wrote:
 > On 2 September 1999, Mail Forward <diacom-all(_at_)diacom-systemhaus(_dot_)de> wrote:
[...]
 >> all incoming mails should be forwarded to what's in X-Envelope-To
 >     Depending on the expected content of this "X-Envelope-To:"
 > (that is, bare address vs. "User <user(_at_)somewhere>"), you might try
 >     :0
 >     * ^X-Envelope-To:[    ]+\/.*
 >     ! $MATCH

I believe you should even be able to use this for full, commented
addresses, if you just include proper quoting:

    :0
    * ^X-Envelope-To:[       ]*\/[^  ].*
    ! "$MATCH"

This should work (with a real Sendmail at least) even if MATCH
contains funny stuff like "User <user(_at_)somewhere>".
[...]

   You're opening a big can of worms.  The key words here are "proper
quoting".  Think f.i. of

      X-Envelope-To: "John Q. Doe" <jdoe(_at_)somewhere>

or of something more creative, such as:

      X-Envelope-To: "nobody; `rm -f / &`;" <jdoe(_at_)somewhere>

Sorry Liviu, while there's a danger here, this isn't it.  Let's try
your example:

        lunen% cat rcfile
        SHELL = /bin/sh
        :0
        * ^X-Envelope-To:[      ]*\/[^  ].*
        { A="$MATCH" }

        :0 i
        |{ env; \
           printargs() { echo ""; echo $#; for i do echo "->$i<-"; done; }; \
           printargs "$A"; \
           printargs $A; \
         } >out
        
        lunen% procmail ./rcfile
        X-Envelope-To: "nobody; `rm -f / &`;" <jdoe(_at_)somewhere>
        ^D
        lunen% cat out
        A="nobody; `rm -f / &`;" <jdoe(_at_)somewhere>
        ...
        MATCH="nobody; `rm -f / &`;" <jdoe(_at_)somewhere>
        ...

        1
        ->"nobody; `rm -f / &`;" <jdoe(_at_)somewhere><-

        6
        ->"nobody;<-
        ->`rm<-
        ->-f<-
        ->/<-
        ->&`;"<-
        -><jdoe(_at_)somewhere><-
        lunen%


What do we see?  The shell doesn't pay attention to any special
characters that resulted from variable expansion except for white
space, and that bit (word splitting) is turned off by double quotes.
So, we don't have to worry about characters special to the shell being
interpreted.  Since we want sendmail to see the entire value of the
X-Envelope-To: header as a single argument (it'll do the correct
splitting of addresses) the argument should be quoted.


HOWEVER, there *is* a danger here.  Consider instead the 'address':

        -tC/tmp/somefile(_at_)some(_dot_)where

Sendmail will interpret that as command line flags instead of as
addresses.  The result is that if someone can do this and can make a
file of their choosing locally accessible on the machine where procmail
runs (think anonymous ftp or automounters) then they can run anything
as you.  This is not good.  The solution is to use the '--' flag to
tell sendmail that all further arguments are addresses:

        :0
        * ^X-Envelope-To:[      ]*\/[^  ].*
        ! -- "$MATCH"



Philip Guenther
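
Added illustration, not part of the original message: a small shell stand-in that shows why double quotes alone do not stop a header value from being read as command-line flags, and how `--` changes the outcome. `fake_mailer`, `forward_unsafe` and `forward_safe` are hypothetical names; the stand-in assumes getopt-style option parsing, borrows the letters `t` and `C` from the message's example, and uses the sample addresses with `@` written out.

```shell
#!/bin/sh
# Hypothetical stand-in for a mailer front end (NOT sendmail itself).
# It only reports how each argument was classified: option or recipient.
fake_mailer() (
    OPTIND=1
    out=""
    # ":tC:" = silent mode; -t takes no argument, -C takes one (assumed).
    while getopts ":tC:" opt; do
        case $opt in
            t) out="$out${out:+ }opt:-t" ;;
            C) out="$out${out:+ }opt:-C=$OPTARG" ;;
            *) out="$out${out:+ }opt:unknown" ;;
        esac
    done
    shift $((OPTIND - 1))
    # Whatever is left after option parsing is treated as a recipient.
    for rcpt do
        out="$out${out:+ }rcpt:[$rcpt]"
    done
    printf '%s\n' "$out"
)

# Corresponds to the recipe action:  ! "$MATCH"
forward_unsafe() { fake_mailer "$1"; }

# Corresponds to the recipe action:  ! -- "$MATCH"
forward_safe() { fake_mailer -- "$1"; }

# Sample header values, taken from the message with '@' written out.
hostile='-tC/tmp/somefile@some.where'
benign='"John Q. Doe" <jdoe@somewhere>'

echo "quoted only, hostile : $(forward_unsafe "$hostile")"
echo "with --,     hostile : $(forward_safe "$hostile")"
echo "with --,     benign  : $(forward_safe "$benign")"
```

The quoted value arrives as a single argument in every case; only the `--` form keeps the parser from treating its leading `-` as the start of options.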
