Toen wij Dallman Ross kietelden, kwam er dit uit:
Ruud H.G. van Tol:
Adam Bogacki:
I've put DROPPRIVS at the top of both
/etc/procmailrc and $HOME/.procmailrc and
tried both
DROPPRIVS is only useful in /etc/procmailrc,
because in the user's .procmailrc only the
user's rights count (special circumstances
ignored).
One such special circumstance being, what if the
user with elevated privs specifically calls the regular
user's rcfile as an INCLUDERC or SWITCHRC?
Yes, that was exactly the one that I had in mind and
that I wanted to ignore. I vaguely remembered a
discussion here about an /etc/procmailrc that, for
some maybe valid reason, did an INCLUDERC of the user's
.procmailrc. I can't remember the valid reason.
(And I'm not sure if elevated privs endure past a
SWITCHRC command, though I am sure they do for
INCLUDERC.)
They do. See man procmailrc, under Environment.
There are other specials with that, see 'take on the identity' below:
[man procmail]
If no rcfiles and no -p have been specified on the command line, proc-
mail will, prior to reading $HOME/.procmailrc, interpret commands from
/usr/local/etc/procmailrc (if present). Care must be taken when creat-
ing /usr/local/etc/procmailrc, because, if circumstances permit, it
will be executed with root privileges (contrary to the $HOME/.proc-
mailrc file of course).
[...]
-m Turns procmail into a general purpose mail filter. In this mode
one rcfile must be specified on the command line. After the
rcfile, procmail will accept an unlimited number of arguments. If
the rcfile is an absolute path starting with /usr/local/etc/proc-
mailrcs/ without backward references (i.e. the parent directory
cannot be mentioned) procmail will, only if no security violations
are found, take on the identity of the owner of the rcfile (or
symbolic link). [...]
This is just an aside not to do with Adam's case.
Another fine ignore-request wasted. <g>
[diags.rc]
Nice!
--
Grtz, Ruud
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail