On Sun, 7 Apr 2002 the voices made Philip Guenther write:
"Tony L. Svanstrom" <tony(_at_)svanstrom(_dot_)org> writes:
Philip skribis:
Since you can't invoke _any_ commands via the shell, you might as well
unset SHELLMETAS completely at the top of the rcfile and thereby disable
all use of the shell.
What are the security issuses related to do/not do that?
Security issues for who, the mail server admin or the procmail user?
Oh, any and all involved... :-)
Basically I'm thinking off things like using shellmetas to trigger some
unwanted action in the name of the procmail user.
/Tony
--
# Per scientiam ad libertatem! // Through knowledge towards freedom! #
# Genom kunskap mot frihet! =*= (c) 1999-2002 tony(_at_)svanstrom(_dot_)org =*=
#
-- Random URL (2/10):
<URL: http://www.apple.com/powerbook/ > *BSD, on the run, in style...
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail