Bugtraq mailing list archives

Re: procmail

From: ficusk () on-ramp ior com (Ficus Kirkpatrick)
Date: Wed, 7 Aug 1996 13:57:19 -0700


   >   I'm sure procmail MUST have some security feature to disallow this
   > sort of thing? But I could be wrong, and haven't checked the manual
   > pages yet.

   Sendmail disallows this short things by not allowing pipes in .forward
   if user have not valid shell (listed in /etc/shells). Yes, if you
   use procmail as local delivery agent, then you need same kind mechanism
   in procmail also (if it allows piping mail to programs).

The problem there is that for an 'ftp only' account, the shell has to
be in /etc/shells, or FTP will not work (with most FTP servers).

Ficus

Current thread:

Re: your mail, (continued)
- - Re: your mail Greg Woods (Aug 05)
    - Re: your mail neill (Aug 05)
  - PAM login programs? Josh Wilmes (Aug 05)
    - procmail DANIEL .D .EZEKIEL (Aug 05)
    - (Fwd) CERT Advisory CA-96.17 - Vulnerability in Solaris vold Hubert Feyrer (Aug 06)
    - Re: procmail Adam Shostack (Aug 06)
    - Re: procmail Jon Lewis (Aug 06)
    - Re: procmail Neil Soveran-Charley (Aug 06)
    - Re: procmail James Wang (Aug 06)
    - Re: procmail Kari E. Hurtta (Aug 06)
    - Re: procmail Ficus Kirkpatrick (Aug 07)
    - Re: procmail Melody Lynn Yoon (Aug 07)
    - Re: PAM login programs? Marek Michalkiewicz (Aug 06)
    - Re: PAM login programs? Arthur Donkers (Aug 06)
- Re: Exploiting Zolaris 2.4 ?? :) Peter Jeremy (Aug 05)