Bugtraq mailing list archives
Re: procmail
From: guenther () GAC EDU (Philip Guenther)
Date: Mon, 21 Jul 1997 00:23:10 -0500
jamie <batsy () VAPOUR NET> writes:
Here's a heads up to anyone running procmail v3.11pre4. In the procmailex man page there is an example of a simple fileserver. The problem with the example is that after getting it working, I wanted to see if the MAILDIR variable would isolate procmail to that directory.
The manpage you quote dates from procmail 3.06 or so. 3.10 and later have correctly paranoid manpages.
:0 * !^X-Loop: yourname () your main mail.address * !^Subject:.*Re: * !^FROM_DAEMON * ^Subject:.*request {
... Solution: change that last subject to read: * ^Subject:.*request [0-9a-z] and add the condition: * ! ^Subject:.*[/.]\. That will protect you from ".."s and keep dot files in general from being fetched. Totally ripping out the entire recipe and inserting the version from the version 3.11pre* manpage would probably be a good idea, assuming you have at least 3.10. (Note: procmail regexps are case insensitive by default) Philip Guenther ---------------------------------------------------------------- Philip Guenther UNIX Systems and Network Administrator Internet: guenther () gac edu Voicenet: (507) 933-7596 Gustavus Adolphus College St. Peter, MN 56082-1498
Current thread:
- procmail jamie (Jul 18)
- Re: procmail Illuminatus Primus (Jul 20)
- Re: procmail Brock Rozen (Jul 21)
- Re: procmail Casper Dik (Jul 21)
- Re: procmail Olaf Kirch (Jul 21)
- Re: procmail Casper Dik (Jul 22)
- Re: procmail Illuminatus Primus (Jul 20)
- AIX ping (Exploit) Bryan P. Self (Jul 20)
- AIX ping, lchangelv, xlock fixes Troy Bollinger (Jul 21)
- Re: procmail Philip Guenther (Jul 20)
- AIX lchangelv (Exploit) Bryan P. Self (Jul 20)
- SNI-16: INN News Server Security Advisory Secure Networks Inc. (Jul 21)
- Re: SNI-16: INN News Server Security Advisory Christopher Samuel (Jul 28)
- Re: SNI-16: INN News Server Security Advisory Nathan J. Mehl (Jul 28)
- Re: SNI-16: INN News Server Security Advisory Christopher Samuel (Jul 28)
- Re: procmail Adam Shostack (Jul 21)