On Tue, 26 Feb 2002, Trevor Jenkins wrote:
and in /etc/procmailrc
INCLUDERC=$HOME/procmailrc.sms
This is the heart of the matter. Does the co-existence of /etc/procmairc
and ~/.procmailrc require that the former has an INCLUDERC= clause in it?
No. Procmail reads both /etc/procmailrc and ~/.procmailrc.
However, procmail applies certain safety checks to ~/.procmailrc that it
does not apply when processing an INCLUDERC. I suspect that the use of
INCLUDERC in /etc/procmailrc in the case above, is designed to allow the
reading of a file that is writable, by the web UI, under some user or
group ID that procmail would normally consider "unsafe."
I believe the correct thing in this case would be to assign DROPPRIVS
before assigning INCLUDERC; otherwise the $HOME/procmailrc.sms file may be
executed with root permissions, which would be a Bad Thing if the user is
allowed to include shell commands etc.
DROPPRIVS=yes
INCLUDERC=$HOME/procmailrc.sms
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail