procmail
[Top] [All Lists]

Re: Auto-reply and login

2002-08-15 11:50:53
At 12:06 2002-08-15 -0300, Bruno F. Lobato wrote:

Well, the problem is: I wrote an auto-reply recipe, but it only works when I give the user access to the shell. The users usually do not have access (I use False instead of any shell especification) to the shell.

You need to define:

SHELL=/bin/sh

(with actual path and shell as appropriate) in the .procmailrc sometime before any shell operations are performed.

Keep in mind that if the users are capable of editing their own .procmailrc files (say, uploading a file via FTP or whatever), they can add shell commands to their .procmailrc which can run commands upon email invocation. Procmail really wasn't intended to be used by users without shell access in the first place, so this isn't a security hole per-se. It certainly isn't that much more of a risk than a user being able to upload their own .forward file, from which they could invoke programs as well.

A user with a couple of synapses to rub together would easily realize that they could invoke chsh (say, from within .forward or .procmailrc) to change the shell on their account, so I guess there is a bit of a security thing to consider there if the user can edit their own .procmailrc...


[snip]

Cursory examination tells me that the recipe looks okay. it should work with the addition of the above SHELL definition.

---
 Sean B. Straw / Professional Software Engineering

 Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail

<Prev in Thread] Current Thread [Next in Thread>