Re: [Exim] Running Commands

Author: Greg Ward
Date:  
To: Joseph Kezar
CC: exim-users
Subject: Re: [Exim] Running Commands
On 11 October 2001, Joseph Kezar said:
> Okay, I did what you said and simplified my script.
> It generated a /tmp/msg823 file! So far so good.
> The newly created file has UID=mail and GID=mail.
> What I am trying to accomplish:
> - A means for one of our users to log into a CGI webpage and set their vacation message and turn their
> .forward files vacation method on.
> - CGIs are run as either "nobody" or "httpd" so I can't write a CGI to handle this functionality.
> - So in my CGIs I am generating an email message with all the users input about what they want their
> .vacation.msg to say
> - Then in the CGI I email autoreply@??? and here is where Exim jumps into action!


Ouch! That sounds excessively complicated. I know nothing about writing
setuid CGI scripts, and I'd be very nervous about making the CGI script
itself setuid. (Especially to root.)

First idea: I'm sure it's possible with Exim to set up "vacation"
messages that don't require editing a user's .forward file, and don't
require the hoary old "vacation" program at all. Check the Exim spec;
search for "vacation" in the index. Ditto in the filtering manual. My
guess is you can do something like this:

  * make a directory /etc/exim/vacation (it could be argued that this
    belongs in /var: whatever)


  * if a file /etc/exim/vacation/foo exists, that means user "foo"
    is on vacation; the content of this file is the vacation message


  * when a message is received for user "foo", check to see if
    /etc/exim/vacation/foo exists.  If so, use Exim's built-in
    "vacation" message capabilities to send notification to
    the sender, including the contents of /etc/exim/vacation/foo.
    Also deliver the message to foo's mailbox.


I'm pretty sure you can do all this in the system filter. ISTR this is
covered in the filtering manual; see the "mail" command.

Then all you have to do is make /etc/exim/vacation writeable by your CGI
script, and write /etc/exim/vacation/foo when user foo tells your CGI
script he's going on vacation.

Second idea: if you're absolutely wedded to the idea of using .forward
(eg. you're not sure about this Exim thing, and might want to fall back
on a different MTA), you can probably do it.  It'll be harder, more
error-prone, and more likely to have security holes.  Here's what I'd
do:
  * write a helper program that takes exactly two arguments:
    a username and the user's desired vacation message (as a single
    string!).  This program's *sole* responsibility is to write
    the .forward and .vacation file for a user.


  * make it setuid root, and be VERY paranoid.  "man perlsec" until blue
    in face.  Then it will have sufficient privileges to write any
    user's .forward file.  You'll have to do it in C or Perl, because
    those are your only realistic options for writing setuid programs --
    I'd do it in Perl, personally.


  * call this helper program from your CGI script.  *Avoid the shell*
    like the plague.  Eg. if your CGI script is in Perl:
       system "/my/setuid/helper", $username, $vacation_msg;


        Greg
-- 
Greg Ward - software developer                gward@???
MEMS Exchange                            http://www.mems-exchange.org
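
The following is an added example, not part of the original message or of Exim: a Perl sketch of the CGI-side writer for the "one file per user" scheme in the first idea, showing the checks that keep a web-supplied username from naming a path outside /etc/exim/vacation. The function names, the username pattern and the 4096-byte limit are assumptions; only the directory name comes from the message.

```perl
# Added example, not from the original message. Run under taint mode (perl -T).
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

my $VACATION_DIR = '/etc/exim/vacation';   # directory named in the message
my $MAX_LEN      = 4096;                   # assumed cap on message size

# Return an untainted username, or undef unless it is a plain local account.
sub valid_user {
    my ($name) = @_;
    return unless defined $name;
    # No '/', '.', NUL or whitespace can match, so the result cannot
    # traverse out of $VACATION_DIR. The pattern itself is an assumption.
    return unless $name =~ /\A([a-z_][a-z0-9_-]{0,31})\z/;
    my $clean = $1;
    return unless defined getpwnam($clean);   # must be an existing account
    return $clean;
}

# Write the vacation message for $user; returns 1, dies on any failure.
sub set_vacation {
    my ($user, $msg) = @_;
    my $clean = valid_user($user) or die "bad username\n";
    die "no message\n"       unless defined $msg;
    die "message too long\n" if length($msg) > $MAX_LEN;
    my $tmp = "$VACATION_DIR/.tmp.$$.$clean";
    # O_EXCL fails if the name already exists, including as a symlink,
    # so a pre-planted link cannot redirect the write.
    sysopen(my $fh, $tmp, O_WRONLY | O_CREAT | O_EXCL, 0640)
        or die "cannot create $tmp: $!\n";
    unless (print({$fh} $msg) && close($fh)) {
        unlink $tmp;
        die "write failed: $!\n";
    }
    # rename() is atomic, so Exim never reads a half-written message.
    rename($tmp, "$VACATION_DIR/$clean")
        or do { unlink $tmp; die "rename failed: $!\n" };
    return 1;
}

# Removing the file turns the vacation reply off again.
sub clear_vacation {
    my ($user) = @_;
    my $clean = valid_user($user) or die "bad username\n";
    return unlink("$VACATION_DIR/$clean") ? 1 : 0;
}
```

The CGI would call `set_vacation` with the authenticated user's name rather than a form field, so one user cannot set another's message.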