On Wed, 5 Mar 1997, Pete Ashdown wrote:
> I realize the insecurity of /bin/sh, but I have local users who use the
> procmail line:
>
> "|IFS=' ' && exec /usr/local/bin/procmail -f- || exit 75"
>
> I read through the archives and Philip essentially said "change the
> procmail line". This isn't an option here.
Apart from changing the code, as suggested by David Blacka, there is one
other possible option. You could set up a special director that looks
for the existence of a .procmailrc file in the users's home directory,
and if you find one, pass the message to procmail via a special pipe
transport.
This is of course a bit dangerous, as you are ignoring the user's
.forward file, which might not in fact point at procmail! I suppose you
could also check for the existence of a .forward file, but there is no
way to check its content.
Hmm. I guess I ought to implement an option on the pipe transport that
says "use a shell", though I'm not too happy about that. How about an
option that says "ignore this string at the start of the command"? Then
you could make it ignore "IFS=' ' && exec". No, that won't help because
of the "|| exit 75" on the end. Perhaps some kind of pattern match? Just
thinking random thoughts here...
Apart from the syntax and security problems, it is, of course, more
efficient not to use a shell in general, as you save a fork() operation
(unless you use exec, as above - many users piping to random scripts
wouldn't think of that).
The point about it not being a security issue because the user can
specify a shell anyway is true, but idea was that it would avoid more
accidents if those that wanted a shell had to ask for it explicitly.
--
Philip Hazel University Computing Service,
ph10@??? New Museums Site, Cambridge CB2 3QG,
P.Hazel@??? England. Phone: +44 1223 334714
