On Fri, 13 Sep 1996, Max Caines wrote:
> Point taken. Perhaps a better solution would be for Exim to have a
> configurable list of 'acceptable' programs to be run by the pipe mechanism,
> with a default to accept anything. I could then discard 'smrsh'. I am loth
> to modify the source to Exim, but if I replace Smail, which I want to, then
> it has to look the same to our users.
This is really what the restrict_to_path stuff was supposed to handle.
One way it could be used would be to set up a special directory
containing soft links to all the programs you are prepared to let
people run. Then they don't all have to be in the same place, but you
have an easily-changed list of them.
I realize that this doesn't help with /usr/ucb/vacation which gets put
there by the vacation program. (Or whatever it puts there. When we
upgraded to Solaris 2 we had to put in a special link to cope with its
incorrect assumptions...)
However, you could put a wrapper round the vacation program which
corrects the user's .forward file.
This are ideas for how to do things with the existing Exim. I am not
against extending Exim to make things easier for administrators; indeed,
I'm all in favour! However, I do want to try to be sure that the
extensions are reasonably "clean" and general-purpose.
What do others think about the idea of having a list of allowable
programs that can be run by the pipe mechanism?
--
Philip Hazel University Computing Service,
ph10@??? New Museums Site, Cambridge CB2 3QG,
P.Hazel@??? England. Phone: +44 1223 334714