procmail

Re: formail -I

2002-04-08 00:06:40
"Tony L. Svanstrom" <tony(_at_)svanstrom(_dot_)org> writes:
On Sun, 7 Apr 2002 the voices made Philip Guenther write:
Philip skribis:
Since you can't invoke _any_ commands via the shell, you might as well
unset SHELLMETAS completely at the top of the rcfile and thereby disable
all use of the shell.
What are the security issues related to do/not do that?
Security issues for who, the mail server admin or the procmail user?
Oh, any and all involved... :-)

(<sigh>  "The more general the question, the less useful the answer")


If an rcfile author isn't careful about how he or she uses untrusted
input, they may create a security problem.

By reducing the functionality available to commands invoked in an rcfile,
unsetting SHELLMETAS may reduce the risk of a poorly written command
causing problems.  The reduction isn't particularly great: if a command
works without the shell, then the only possible change from having the
shell involved is the loss of filename globbing.


Basically I'm thinking of things like using shellmetas to trigger some
unwanted action in the name of the procmail user.

Since the check for shellmetas is done before variables are expanded,
the meta characters have to actually be in the rcfile: the choice of
whether the shell is involved or not is set by the rcfile author.


Philip Guenther
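
The ordering described in the message above (SHELLMETAS check first, variable expansion second), as an added example that is not part of the original post and is not procmail's own code. It is a simplified Python model: needs_shell, plan_exec, the sample Subject value and seen.log are constructed for illustration, and quoting and word-splitting are reduced to shlex rules.

```python
import shlex
from string import Template

DEFAULT_SHELLMETAS = "&|<>~;?*["  # default listed in procmailrc(5)

def needs_shell(rc_line, shellmetas):
    """The check runs on the text as written in the rcfile, before expansion."""
    return any(ch in shellmetas for ch in rc_line)

def plan_exec(rc_line, env, shellmetas=DEFAULT_SHELLMETAS):
    """Return the argv this model would exec for one rcfile command line."""
    if needs_shell(rc_line, shellmetas):
        # The whole line, still unexpanded, is handed to $SHELL $SHELLFLAGS.
        return [env.get("SHELL", "/bin/sh"), env.get("SHELLFLAGS", "-c"), rc_line]
    # Direct exec: split into words, then expand. An expanded value is only
    # ever argument data; it is never rescanned for metacharacters.
    return [Template(w).safe_substitute(env) for w in shlex.split(rc_line)]

# Constructed sample: a header value the rcfile author does not control.
ENV = {"SUBJECT": "sale; 50% off *"}
PLAIN = 'formail -I "X-Seen: $SUBJECT"'
REDIRECT = 'formail -I "X-Seen: $SUBJECT" >> seen.log'

if __name__ == "__main__":
    for label, metas in (("default", DEFAULT_SHELLMETAS), ("unset", "")):
        for line in (PLAIN, REDIRECT):
            print(label, plan_exec(line, ENV, metas))
```

With SHELLMETAS unset, the REDIRECT line no longer reaches the shell, so ">>" and "seen.log" arrive at formail as literal arguments: a command that relied on the shell stops working rather than silently changing meaning.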