paths and permissions
Greg McCann
greg at cambria.com
Fri Feb 27 17:11:21 CET 2004
On 2/27/2004 at 10:45 AM Dave Lovelace <dave at firstcomp.biz> wrote:
>Anything that runs SUID root is in principle insecure, but the software's
>authors attempt to wall off the sections where it's actually running as
>root. I don't know procmail's code, but I'd presume that by the time it's
>running the user's .procmailrc it's running as the user.
That is as it should be. You certainly do not want users to be able to run a command as root simply by placing it in their .procmailrc file. But in some peoples' systems it appears that users are able to update a non-world-writable wordlist.db with the "bogofilter -u" command in their .procmailrc. On other systems, like mine, I have had to make wordlist.db world-writable for users to be able to update it from their own .procmailrc files. I am running sendmail 8.12.10 and procmail 3.21.
One way to check what your system is doing is to add the following to your .procmailrc file.
LOGFILE=procmail.log
VERBOSE=off
LOGABSTRACT=all [enable procmail logging if it is not already]
LOG="`id` [log the id of the user the process is running as]
"
In my system it logs the id of the user who is receiving the mail. I wonder if procmail is running as root on those systems where any users' procmail can write to a non-world-writeable wordlist.db. That would make me very afraid.
Greg
More information about the Bogofilter
mailing list