At 12:06 2002-08-15 -0300, Bruno F. Lobato wrote:
Well, the problem is: I wrote an auto-reply recipe, but it only works when
I give the user access to the shell. The users usually do not have access
(I use False instead of any shell especification) to the shell.
You need to define:
SHELL=/bin/sh
(with actual path and shell as appropriate) in the .procmailrc sometime
before any shell operations are performed.
Keep in mind that if the users are capable of editing their own .procmailrc
files (say, uploading a file via FTP or whatever), they can add shell
commands to their .procmailrc which can run commands upon email
invocation. Procmail really wasn't intended to be used by users without
shell access in the first place, so this isn't a security hole per-se. It
certainly isn't that much more of a risk than a user being able to upload
their own .forward file, from which they could invoke programs as well.
A user with a couple of synapses to rub together would easily realize that
they could invoke chsh (say, from within .forward or .procmailrc) to change
the shell on their account, so I guess there is a bit of a security thing
to consider there if the user can edit their own .procmailrc...
[snip]
Cursory examination tells me that the recipe looks okay. it should work
with the addition of the above SHELL definition.
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail