procmail

Re: sendmail not reading .forward file

1999-10-07 22:50:47
Alastair Irvine <alastair(_at_)atri(_dot_)curtin(_dot_)edu(_dot_)au> writes:
Would it be OK (from a security point of view) to have a .procmailrc (or
a .forward) in a group-writable directory as long as the sticky bit is
set on that directory?

This would not be good thing for a default build of procmail to have (as
the sticky bit may not work on some file systems accessed from some
systems), but maybe BuGLess would consider including it as an option...

If you are on such a system, and yet try to take advantage of it, you
deserve to lose.

This whole subject was gone over with a fine tooth comb on the
development list and here's the current status: if you specified a
relative rcfile, procmail does _NO_ checking -- procmail assumes
you know what you're doing.  An absolute rcfile, on the other hand,
is only trusted if:

a) it is owned by either the recipient or root, _and_
b) it is not world-writable, _and_
c) the containing directory is either not world writable, or has the
   sticky bit set (but the latter only if procmail thinks chown() is
   restricted), _and_
d) if this is the default rcfile then group writability is also checked
   for on both the rcfile and the containing directory, with the
   exception that if GROUP_PER_USER was defined at compile time then
   it's okay for either of them to be group-writable if they are of the
   recipient's default group.

If you think the above is wrong in some way, please describe your case
precisely in an e-mail to bug(_at_)procmail(_dot_)org.  I've put a
Reply-To: on this message directing replies to the procmail-dev list,
where all discussion of these rules should take place.


Philip Guenther
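The trust rules (a) through (d) above, modelled as a stat()-based check. This is an added example, not procmail's own source: the function `rcfile_trusted`, its `chown_restricted` and `group_per_user` flags (standing in for procmail's compile-time platform knowledge and the GROUP_PER_USER option), and the constructed cases in `demo` are all assumptions of this illustration.

```python
"""Model of the procmail rcfile trust rules (a)-(d) from the message above.

Added example, not procmail's own code.  The rules are applied to the
stat() results of the rcfile and its containing directory; the keyword
flags stand in for what procmail decides at compile time.
"""
import os
import shutil
import stat
import tempfile

ROOT_UID = 0


def rcfile_trusted(path, recipient_uid, recipient_gid, *, is_default,
                   chown_restricted=True, group_per_user=False):
    """Return (trusted, reason) for an rcfile path.

    A relative rcfile is accepted with no checks at all, as the message says.
    """
    if not os.path.isabs(path):
        return True, "relative rcfile: no checks performed"

    st = os.stat(path)
    dst = os.stat(os.path.dirname(path))

    # (a) owned by the recipient or root
    if st.st_uid not in (recipient_uid, ROOT_UID):
        return False, "rcfile not owned by recipient or root"
    # (b) rcfile itself not world-writable
    if st.st_mode & stat.S_IWOTH:
        return False, "rcfile is world-writable"
    # (c) directory not world-writable, or sticky -- and the sticky bit only
    #     counts when chown() is believed to be restricted
    if dst.st_mode & stat.S_IWOTH:
        if not (chown_restricted and dst.st_mode & stat.S_ISVTX):
            return False, "containing directory is world-writable"
    # (d) default rcfile: group-writability of file and directory also checked,
    #     unless GROUP_PER_USER and the group is the recipient's default group
    if is_default:
        for what, s in (("rcfile", st), ("directory", dst)):
            if s.st_mode & stat.S_IWGRP:
                if group_per_user and s.st_gid == recipient_gid:
                    continue
                return False, f"{what} is group-writable"
    return True, "ok"


def demo():
    """Build constructed cases in a temp dir; return {case: trusted}."""
    uid = os.getuid()
    base = tempfile.mkdtemp()
    # Assumption: new files here get the recipient's default group, so the
    # group of the scratch directory is used as that group.
    gid = os.stat(base).st_gid
    # name: (dir mode, file mode, is_default, group_per_user, chown_restricted)
    cases = {
        "private":               (0o700,  0o600, True,  False, True),
        "world_writable_file":   (0o700,  0o666, False, False, True),
        "open_dir_no_sticky":    (0o777,  0o600, False, False, True),
        "open_dir_sticky":       (0o1777, 0o600, False, False, True),
        "open_dir_sticky_chown_free": (0o1777, 0o600, False, False, False),
        "group_dir_default":     (0o770,  0o600, True,  False, True),
        "group_dir_per_user":    (0o770,  0o600, True,  True,  True),
        "group_dir_nondefault":  (0o770,  0o600, False, False, True),
    }
    results = {}
    try:
        for name, (dmode, fmode, is_default, gpu, chown_r) in cases.items():
            d = os.path.join(base, name)
            os.mkdir(d)
            f = os.path.join(d, ".procmailrc")
            with open(f, "w") as fh:
                fh.write(":0\n")          # constructed, minimal rcfile
            os.chmod(f, fmode)
            os.chmod(d, dmode)
            trusted, _ = rcfile_trusted(f, uid, gid, is_default=is_default,
                                        group_per_user=gpu,
                                        chown_restricted=chown_r)
            results[name] = trusted
    finally:
        shutil.rmtree(base)
    return results


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:28s} {'trusted' if ok else 'REJECTED'}")
```

Note that the sticky-bit case is only accepted because `chown_restricted` is true; on a platform where unprivileged chown() is allowed, a world-writable sticky directory is rejected even though the rcfile itself looks fine, which is exactly the caveat in rule (c).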