On Sun, 2003-12-14 at 13:08, Professional Software Engineering wrote:
At 09:40 2003-12-14 -0800, Bart Schaefer wrote:
DROPPRIVS=YES
SWITCHRC=$HOME/.procmailrc
}
Dropping privileges is definitely good advice, but isn't there a danger
here that $HOME/.procmailrc is going to be executed twice? SWITCHRC will
cause procmail to read the new file "as if" it were still reading the
/etc/procmailrc, and then when it finishes it'll continue with the normal
execution of the user's .procmailrc. Ooops.
Well, My original advise was to set SWITCHRC to /dev/null, forcing this
/etc/procmailrc to terminate, which would have dropped privs and run the
user rcfile, but the user didn't seem interested in following that advice
and instead wanted to load $HOME/... by himself.
Not true! It was just unclear as someone said earlier. I read the man
and didn't understand that SWITCHRC set to /dev/null would cause this
behavior. And didn't quite get that from your email. If the same end
result is achieved then the most secure method would preferred.
Indeed though, what you say is likely true, and can cause problems (double
delivery unlikely to be among them unless they have copy recipes). Now, if
the user's rcfile ends with an explicit delivery to $DEFAULT, this should
be minimized, though the user rcfile might itself make use of unsetting
SWITCHRC.
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
--
Nick (Nix) Gray
Senior Systems Engineer
Bruzenak Inc.
(512) 331-7998
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail