procmail

Procmail and IFS vulnerabilities

2002-01-08 20:11:42

We have discovered that our default .procmailrc file works quite well
even for users whose default shell is "/usr/local/bin/no_shell" (in other
words, shell access is disabled), by including this as the first line:

        SHELL=/bin/sh

So, one concern that was raised was the possibility of an IFS exploit
being used on the shell script. End users would normally not be able to
access the script through FTP, but it is "remotely" possible that they may
be able to change something in the file later.

"man procmailrc" doesn't make any mention of a way to set the IFS
variable. Is this a concern, or what things should we do to address it
so that users cannot get shell access on the machine? Should we set the
owner of the .procmailrc file to root, and chmod 444 it?

Aloha mai Nai`a!
-- 
"Please have your Internet License             http://kapu.net/~mjwise/
  and Usenet Registration handy..."

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
