Michael J Wise <mjwise(_at_)kapu(_dot_)net> writes:
> We have discovered that our default .procmailrc file works quite well
> even for users whose default shell is "/usr/local/bin/no_shell" (in other
> words, shell access is disabled), by including this as the first line:
> SHELL=/bin/sh
> So, one concern that was raised was the possibility of an IFS exploit
> being used on the shell script. End users would normally not be able to
> access the script through FTP, but it is "remotely" possible that they may
> be able to change something in the file later.

What shell script? Does the fact that procmail always removes IFS,
ENV, and PWD (see the PRESTENV #define in the config.h file) from the
environment answer your question?
> "man procmailrc" doesn't make any mention of a way to set the IFS
> variable. Is this a concern, or what things should we do to address it
> so that users cannot get shell access on the machine? Should we set the
> owner of the .procmailrc file to root, and chmod 444 it?

If a user can create or edit their .procmailrc, then they can run programs
on the mail server. If that's a problem then you have many ways to
tackle it. If making it so that all users with uid greater than some
value cannot run _any_ program from their .procmailrc is an acceptable
solution, then recompile procmail with the RESTRICT_EXEC #define (look
in config.h). If simply making it so that users can't write to their
.procmailrc would be good enough, then change the PROCMAILRC #define to
something like "/var/procmail/$LOGNAME".
Philip Guenther
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
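The practical check behind Philip's answer is twofold: whether anyone but root can write a user's rc file, and whether the rc file makes procmail run programs at all (a `|` action, a `* ? program` condition, or a backquoted command substitution in an assignment). The script below is an added example, not code from the thread or from the procmail project; it assumes the per-user layout that PROCMAILRC="/var/procmail/$LOGNAME" would give (that directory is an assumption, any directory can be passed), and the sample rc files it creates are constructed for the demo.

```shell
#!/bin/sh
# Audit per-user procmail rc files for the two properties discussed above.
# Added example; not from the original thread or the procmail project.
# Assumed layout: one file per user under a directory such as /var/procmail
# (the PROCMAILRC="/var/procmail/$LOGNAME" suggestion); pass any directory.

# Return 0 if FILE has a group or other write bit set (mode bits, not
# "test -w", which would only say whether the *caller* can write it).
rc_writable_by_others() {
    perm=$(ls -ld "$1" | cut -c1-10)      # e.g. -rw-r--r--
    case $perm in
        ?????w*|????????w*) return 0 ;;   # char 6 = group w, char 9 = other w
        *) return 1 ;;
    esac
}

# Return 0 if FILE contains a construct that makes procmail execute a program:
#   - an action line starting with "|"  (pipe the message to a program)
#   - a condition of the form "* ? program"
#   - a backquoted command substitution, e.g. VAR=`program`
rc_runs_programs() {
    grep -Eq '^[[:space:]]*[|]|^[[:space:]]*[*][[:space:]]*[?]|`' "$1"
}

# Print one report line per rc file in DIR; return 0 only if every file is
# neither writable by others nor capable of running programs.
audit_rc_dir() {
    dir=$1
    status=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        w=no; x=no
        rc_writable_by_others "$f" && w=yes
        rc_runs_programs "$f" && x=yes
        printf '%s writable_by_others=%s runs_programs=%s\n' \
            "$(basename "$f")" "$w" "$x"
        [ "$w" = no ] && [ "$x" = no ] || status=1
    done
    return $status
}

# Demo on constructed sample files (hypothetical users, not real accounts).
demo_dir=$(mktemp -d)
cat > "$demo_dir/alice" <<'EOF'
SHELL=/bin/sh
:0
* ^Subject:.*spam
spamfolder
EOF
cat > "$demo_dir/bob" <<'EOF'
SHELL=/bin/sh
:0
* ^From:.*boss
| /usr/local/bin/notify-me
EOF
chmod 0644 "$demo_dir/alice"
chmod 0666 "$demo_dir/bob"
audit_rc_dir "$demo_dir" || echo "at least one rc file needs attention"
rm -rf "$demo_dir"
```

A file flagged `writable_by_others=yes` defeats the root-owned, mode 0444 arrangement; a file flagged `runs_programs=yes` is exactly what RESTRICT_EXEC would refuse to run for the restricted uid range, so the report tells you which of the two mitigations you actually need.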