procmail

Re: A word on UNIX permissions regarding ./forward and ./procmailrc

2001-12-16 21:26:30
----- Original Message -----
From: "David W. Tamkin" <dattier(_at_)ripco(_dot_)com>
To: "Mark" <admin(_at_)asarian-host(_dot_)net>; 
<procmail-users(_at_)procmail(_dot_)org>
Sent: Sunday, December 16, 2001 7:26 PM
Subject: Re: A word on UNIX permissions regarding ./forward and ./procmailrc

Mark,

First, unless your OS has some serious security holes that can be
exploited other ways as well, by the time the MTA reads ~/.forward it has
given up root privileges and is running as the recipient.

As is, of course, the case in my sendmail. Yeah, like I would give a user
root privileges in his .forward file. 'Fraid not. :)

that includes hurting other customers or the system itself, then there
are yet some more security issues on your system that you as the sysadmin
need to address before you let any other users on the box at all. If your
system is that full of holes, a non-malicious user can do something
horrible by an innocent mistake, let alone what a malevolent user could
do. Certainly a ~/.forward doesn't give anybody any additional access or
privileges.

I guess how I describe "security risk" may be a bit broader than someone
getting root privileges. To me, I consider a thing a security risk when a
user is able to bypass a certain setup that he is not supposed to bypass.
That is, if for his mail delivery his .forward is required -- and essential
to the overall delivery scheme of that box -- and he can modify his own
.forward, then I call that, in the broadest sense of the word, a security
risk.

In a way these user-writeable .forward files are tainted, or possibly
tainted (which is tainted too). And the point I was making was, that even
though a .forward file may seem non-writeable in a user's home directory,
they are in fact writeable in the way I outlined. The short of it: I do not
like tainted. If these .forward files are an integral part of a system's
mail delivery, then I do not think those .forward files should be tainted.
Your mileage may vary.

The only way to really untaint those .forward files, is to ensure the user
cannot possibly write to them. And, as I explained, the only way to really
make sure of that, is to move the .forwards out of the users' scope
altogether. Or better, to simply make procmail the LDA with sendmail.cf
itself, so you need not bother with .forwards at all.

- Mark

        System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
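
An added audit sketch, not part of the original message or of procmail or sendmail: it reports why a user can still change what the MTA reads from a .forward that looks read-only. It assumes the "way I outlined" (not restated in this message) is replacing the file through a directory the user owns; the paths, uid 1001 and function names are hypothetical, and group permissions and ACLs are ignored.

```python
import os
import posixpath
import stat
from types import SimpleNamespace as S

def dir_lets_user_replace(st, uid):
    """True if uid can rename or unlink another owner's entry in this directory."""
    if st.st_uid == uid:
        return True  # the owner can always chmod u+w; sticky does not bind the directory owner
    world_writable = bool(st.st_mode & stat.S_IWOTH)
    sticky = bool(st.st_mode & stat.S_ISVTX)
    return world_writable and not sticky

def forward_findings(path, uid, lstat=os.lstat):
    """List the reasons uid can alter what is read at path (empty list: none found)."""
    reasons = []
    try:
        st = lstat(path)
        if st.st_uid == uid:
            reasons.append("file owned by user: chmod then write")
        elif st.st_mode & stat.S_IWOTH:
            reasons.append("file is world-writable")
    except FileNotFoundError:
        pass  # a missing file can still be created if a directory is controlled
    parent = posixpath.dirname(path)
    while True:  # any controlled ancestor lets the user rename the subtree and recreate it
        if dir_lets_user_replace(lstat(parent), uid):
            reasons.append(f"user controls directory {parent}: can rename and recreate")
        if parent == posixpath.dirname(parent):
            break
        parent = posixpath.dirname(parent)
    return reasons

# Constructed sample layout (hypothetical paths): a root-owned, mode 0444 .forward
# inside the user's own home, and the same file moved to a root-owned spool directory.
DIR, REG = stat.S_IFDIR, stat.S_IFREG
SAMPLE = {
    "/": S(st_uid=0, st_mode=DIR | 0o755),
    "/home": S(st_uid=0, st_mode=DIR | 0o755),
    "/home/alice": S(st_uid=1001, st_mode=DIR | 0o755),
    "/home/alice/.forward": S(st_uid=0, st_mode=REG | 0o444),
    "/var": S(st_uid=0, st_mode=DIR | 0o755),
    "/var/forward": S(st_uid=0, st_mode=DIR | 0o755),
    "/var/forward/alice": S(st_uid=0, st_mode=REG | 0o444),
}

if __name__ == "__main__":
    for p in ("/home/alice/.forward", "/var/forward/alice"):
        print(p, forward_findings(p, 1001, SAMPLE.__getitem__) or "not user-modifiable")
```

Called with the default `lstat` on a real host, the same function checks live paths instead of the constructed table.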
