On Thu, Aug 15, 2002 at 09:30:34AM -0700, Professional Software Engineering
wrote:
At 12:06 2002-08-15 -0300, Bruno F. Lobato wrote:
Well, the problem is: I wrote an auto-reply recipe, but it only works when
I give the user access to the shell. The users usually do not have access
(I use False instead of any shell specification) to the shell.
You need to define:
SHELL=/bin/sh
(with actual path and shell as appropriate) in the .procmailrc sometime
before any shell operations are performed.
Keep in mind that if the users are capable of editing their own .procmailrc
files (say, uploading a file via FTP or whatever), they can add shell
commands to their .procmailrc which can run commands upon email
invocation. Procmail really wasn't intended to be used by users without
shell access in the first place, so this isn't a security hole per-se. It
certainly isn't that much more of a risk than a user being able to upload
their own .forward file, from which they could invoke programs as well.
Might the risk be mitigated with setting the permissions and ownership
of the .procmailrc? Procmail should be able to handle a .procmailrc with
unwriteable permissions, and though I haven't tested it, might be just
fine with the ownership set away from the the user too.
--
9. If a self-destruct mechanism is necessary, it will not be a large red button
labelled "Danger: Do Not Push". The big red button marked "Do Not Push" will
instead trigger a spray of bullets on anyone stupid enough to disregard it.
--Peter Anspach's list of things to do as an Evil Overlord
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail