Bugtraq mailing list archives
Re: procmail
From: dennis () bconnex net (Dennis Simpson)
Date: Tue, 6 Aug 1996 22:58:32 -0400
'ftponly' accounts, i.e. people grab email via pop, but also have ftp access for maintaining their web pages, with a 'shell' that prints a message and exits, then the following is possible to work around such security...
What security?
(.procmailrc contents) (end .procmailrc) Then email yourself with something with the password in the subject line and an xterm gets popped up on the display, running the given shell, thus bypassing any 'locked account' or 'ftponly' shells...
If the account is locked, how did they create the .procmailrc? If the account is ftponly, how do they get access to ftp to this obvious place for much more interesting mayhem than .procmailrc xterms? What security?
I'm sure procmail MUST have some security feature to disallow this sort of thing? But I could be wrong, and haven't checked the manual pages yet.
What for? What are you asking procmail to defend against? The admin?
For now I'm going to make procmail only executable by a certain group, and stick the 'admin' types in that. Of course if you don't NEED X on the mail server, just delete it and it removes THIS particular exploit. BUT I'd feel more comfortable with making procmail only executable by 'internal' accounts. The customer, in our case, isn't PAYING for a shell account, and so shouldn't get ANY of the facilities of one... Never mind the security issues...
If the customer isn't paying for a shell account, don't give them one. Point their home directory at something they cannot write, or something non-existent. Or do it with their .procmailrc if they don't have write access to their home directory, but you do want them to have some standard procmailrc recipe (one unsuitable for a global procmailrc). Don't provide them with a shell. If they don't need procmail, don't use it to deliver their email. If you give them shell access to put up web pages, worrying about their being able to start an xterm this way versus another seems nonsensical to me. I don't actually see why "shell access" is necessary for putting up web pages. Why not let them ftp to their web page directories, but restrict their home directories (if they have one)? Am I missing something too simple here?

Thx,
dennis
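
An audit for the condition debated in this message, added here as an example and not part of the original post: it lists accounts whose passwd shell is not a login shell but whose home directory (and therefore `.procmailrc`) they still control. The function name, the shell list, the finding labels and the `root` parameter are assumptions, and group-write permissions are not examined.

```python
import os
import stat

# Assumption: shells treated as real logins (an empty field means the default
# shell); any other shell field counts as a restricted 'ftponly'-style shell.
LOGIN_SHELLS = {"", "/bin/sh", "/bin/bash", "/bin/csh", "/bin/tcsh", "/bin/ksh", "/bin/zsh"}

def audit_restricted_accounts(passwd_text, root="/"):
    """Return sorted (user, finding) pairs for restricted-shell accounts that
    can still create or edit ~/.procmailrc. root is prepended to each home
    path so the audit can run against a mounted image or a test tree."""
    findings = set()
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # comment, blank or malformed entry
        user, uid, home, shell = fields[0], int(fields[2]), fields[5], fields[6]
        if shell in LOGIN_SHELLS or not home:
            continue  # shell accounts are out of scope here
        path = os.path.join(root, home.lstrip("/"))
        try:
            st = os.stat(path)
        except OSError:
            continue  # non-existent home: nothing to write into
        if not stat.S_ISDIR(st.st_mode):
            continue
        # The owner of a directory can always chmod it writable, so ownership
        # counts as write access; world-writable homes are flagged as well.
        if st.st_uid == uid or st.st_mode & stat.S_IWOTH:
            findings.add((user, "home-writable"))
        try:
            rc = os.lstat(os.path.join(path, ".procmailrc"))
        except OSError:
            continue  # no .procmailrc present
        if rc.st_uid == uid:
            findings.add((user, "procmailrc-owned-by-user"))
    return sorted(findings)

if __name__ == "__main__":
    with open("/etc/passwd") as fh:
        for user, finding in audit_restricted_accounts(fh.read()):
            print(f"{user}: {finding}")
```

An admin-supplied `.procmailrc` in a home directory the account neither owns nor can write produces no finding, which is the arrangement the reply recommends.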