On 8 October 1997, Richard Gilbert proclaimed:
> I was going to ask...
>
> "Is there an Exim equivalent of smrsh, the SendMail Restricted SHell,
> i.e. something to restrict the pipes which Exim will allow? Or is such
> a thing unnecessary with Exim because the problem with sendmail which
> smrsh was designed to solve is not a problem with Exim?"
>
> ...but I thought that I had better read the manual carefully first. In
> section 17.2 (of the 1.62 version of the manual) I came across
> restrict_to_path, but that would seem to prevent standard use of e.g.
> /usr/ucb/vacation. I then noted the remarks about the command being run
> directly from the transport, NOT under a shell, thus lessening the
> security risks... But it says that if a shell is required it can be
> specified explicitly. After reading that I still don't know whether
> allowing users to run pipes from .forward files is a security threat or
> not.
If you use restrict_to_path carefully, I would say no. You can also
set the path you restrict to, I believe. The other benefit you get
from exim is that the .forward file is not just fed to /bin/sh, it's
fork'd and exec'd, with all the arguments explicitly listed. ie: no
shell interpretation of metacharacters.
Have a look through the list archives for ".forward" - this has been
discussed before, I think.
-Dom
--
* This is sent by the exim-users mailing list. To unsubscribe send a
mail with subject "unsubscribe" to exim-users-request@???
* Exim information can be found at http://www.exim.org/
