paths and permissions
Bob George
mailings02 at ttlexceeded.com
Fri Feb 27 22:40:20 CET 2004
Greg McCann <greg at cambria.com> wrote:
> [...]
> Obviously, if a non-root user can run commands as root by
> placing them in his .procmailrc, this is a Bad Thing.
Procmail here (debian linux) is suid/sgid:
$ ls -l /usr/bin/procmail
-rwsr-sr-x 1 root mail 66K Jan 20 12:09 /usr/bin/procmail
When first run, procmail runs as effectively user root, group mail. To address
this concern, procmail provides:
DROPPRIVS If set to `yes' procmail will drop all privileges it might
have had (suid or sgid). This is only useful if you want
to guarantee that the bottom half of the /etc/procmailrc
file is executed on behalf of the recipient.
If added to /etc/procmailrc, it prevents the behavior you're concerned about.
At least I think I've got that all right! :)
- Bob
More information about the Bogofilter
mailing list