procmail (in)security
Fred Yankowski
fred at ontosys.com
Fri Mar 7 19:21:11 CET 2003
I tried a Google search almost exactly like yours before I sent my
prior note -- "procmail security problem" (note singular on that last)
-- and got fewer hits. I just learned something about using Google
better there.
Anyway, the information that comes up in response to your search
doesn't bother me much. I see only a few reported problems, they
aren't recent, and they don't look like weaknesses that can be
exploited remotely. But thank you for reminding me that procmail runs
setuid root; I'd forgotten that.
Although procmail recipes are awkward, I don't have much trouble with
them any more. I save all incoming messages into a backup mailbox
(which I empty of old messages regularly) before I do further
processing with procmail, so I can always recover messages if I hose
up the procmail rules. My needs are simple so my mistakes usually
result in sending the message to the wrong mailbox in a set of
mailboxes that I read routinely anyway.
--
Fred Yankowski fred at ontosys.com tel: +1.630.879.1312
OntoSys, Inc PGP keyID: 7B449345 fax: +1.630.879.1370
www.ontosys.com 38W242 Deerpath Rd, Batavia, IL 60510-9461, USA
More information about the Bogofilter
mailing list