procmail

Re: smrsh-like functions?

2002-08-23 07:48:08

Anyone have any feedback on this?

Thanks,
mga.

On Fri, 16 Aug 2002, Mike Austin wrote:


We use smrsh with sendmail to restrict what programs users can call from
their .forwards.  Basically, we don't like people popping up xterms, or
other yucky stuff from their .forwards.  We don't allow logins to the mail
server.  We don't have the ability to set users' shells to something
invalid because we use a network authentication system, and do allow shell
logins on other machines.

Now the problem: people can call any program from within procmail.  So, a
line like:

:0
* ^TO_mga\+xterm@zoo\.uvm\.edu($|[>, ])
|/usr/bin/X11/xterm -display someip:0

will pop up an xterm on someip off the mail server.  Not at all what we
want users to be able to do.

I'm looking for ways to restrict this.

I noticed that there is a RESTRICT_EXEC define, but we don't want to
totally block all execs.  We want people to be able to use a few
authorized programs (like formail, and dmail) from procmail.

I searched for smrsh-like add-ons for procmail, and came up with
http://mirror.ncsa.uiuc.edu/procmail/patches/smrsh-like.patch, but that's
based on a 5-year-old version of procmail.

Is there anything more recent?

Alternatively, has anyone tried changing BinSh in config.h from sh to
smrsh?  Would that work?

Other ideas?

Thanks,
mga.



Mike Austin                           Computing & Information Technology
Systems Programmer                    The University of Vermont
UNIX/DCE Sys Admin                    802.656.8785
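
An added illustration, not part of the original message and not code from smrsh, procmail or the patch mentioned above: a minimal sketch of the smrsh-style check the message asks about, which strips the path from the requested program and runs it only if a program of that name exists in an allowlist directory. ALLOW_DIR, /etc/procmail.bin and check_cmd are hypothetical names, and the per-word character allowlist is an assumption that is stricter than smrsh's own rules.

```sh
#!/bin/sh
# Added example: smrsh-style allowlist check (simplified sketch).
# ALLOW_DIR is a hypothetical directory that holds only the permitted
# programs (or symlinks to them), e.g. formail and dmail.
ALLOW_DIR=${ALLOW_DIR:-/etc/procmail.bin}

# check_cmd "command line"
# Prints the rewritten command and returns 0 if it may run; returns 1 otherwise.
check_cmd() {
    cmd=$1
    set -f                 # no filename expansion while splitting
    set -- $cmd            # split on whitespace only; quotes are not interpreted
    set +f
    [ $# -ge 1 ] || return 1

    # Every word must consist of plain characters only, so nothing can be
    # chained (; | &), redirected (< >), substituted ($ ` ( )) or quoted.
    for w in "$@"; do
        case $w in
            *[!A-Za-z0-9._/:=+,@-]*) return 1 ;;
        esac
    done

    # Drop whatever path was given: /usr/bin/X11/xterm becomes xterm.
    prog=${1##*/}
    shift
    case $prog in
        ''|.|..) return 1 ;;
    esac

    # The name must exist as an executable file inside ALLOW_DIR.
    [ -f "$ALLOW_DIR/$prog" ] && [ -x "$ALLOW_DIR/$prog" ] || return 1

    out=$ALLOW_DIR/$prog
    for w in "$@"; do out="$out $w"; done
    printf '%s\n' "$out"
}

# Invoked like a shell ("-c command"), the way sendmail calls smrsh.
if [ "${1-}" = -c ] && [ $# -eq 2 ]; then
    safe=$(check_cmd "$2") || { echo "refused: $2" >&2; exit 1; }
    set -f
    exec $safe
fi
```

With only formail present in ALLOW_DIR, the xterm command from the recipe above is refused because no file named xterm exists there, regardless of the path it was requested with.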
