paths and permissions

Eric Wood eric at interplas.com
Sat Feb 28 04:46:28 CET 2004


> Eric Wood <eric at interplas.com> wrote:
> > Bob George wrote:
> >>        DROPPRIVS   If  set to `yes' procmail will drop all
> >>                    privileges it might have had (suid or
> >>                    sgid).  This is only useful if  you  want
> >>                    to  guarantee  that  the bottom half of
> >>                    the /etc/procmailrc file is executed on
> >>                    behalf of the recipient.
> >
> > What does "bottom half" mean?
>
> I *SUPPOSE* it might mean anything AFTER the DROPPRIVS statement.

That's got to be it.  After all, you can change other variables anywhere
throughout the recipe.  I suppose you can even use as many DROPPRIVS
statements throughout the recipe as you wish.

"Behalf of the recipient".... to me this would mean that procmail would have
to retrieve the uid and gid of the recipient.  Now, all my virtual domains
and virtual users are handled in auxiliary passwd/shadow files - not the
system passwd/shadow file.  UIDs start at 60000 per vdomain as typical.
procmail on my system is *not* setuid and is actually called under the uid of
60000 or whatever vuser.  Thankfully, this effectively neutralizes procmail
vulnerabilities.  I just tested it and DROPPRIVS has no effect on me - again
because the virtual user is the "recipient", which procmail didn't have
the brains to switch to.

And the argument is full circle again - only my wordlist.db is
world-writable.

Now, since my logs didn't complain about a missing user in /etc/passwd when
DROPPRIVS was issued, that would mean the original uid (root) continued.
We'll have to check the procmail code to see if the error is ignored which
could be another security hole.
-Eric Wood
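
Added example, not part of the original message and not procmail's code: a privilege drop in C that checks and verifies every step and fails closed when the recipient is not in the system account database, which is the behaviour the message says needs checking. The function names and the recipient name are hypothetical, and supplementary groups are simply cleared rather than loaded for the target user.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Drop to uid/gid permanently. Returns 0 only if every step succeeded
 * and was verified; the caller must stop on -1, not carry on. */
int drop_to_ids(uid_t uid, gid_t gid)
{
    /* Only root may change the supplementary group list. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    /* Group first: after setuid() we may no longer be allowed to. */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Verify instead of trusting the return codes alone. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* A drop to a non-root uid must not be reversible. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Resolve a recipient through the system account database and drop to it.
 * A recipient not known there is a failure, not "stay as we are". */
int drop_to_user(const char *name)
{
    struct passwd *pw = getpwnam(name);
    if (pw == NULL)
        return -1;
    return drop_to_ids(pw->pw_uid, pw->pw_gid);
}

int main(void)
{
    /* Constructed recipient name, assumed absent from the passwd database. */
    const char *vuser = "constructed-vuser-not-in-passwd";
    if (drop_to_user(vuser) != 0) {
        fprintf(stderr, "cannot drop to %s, refusing to deliver\n", vuser);
        return 1;
    }
    printf("running as uid %ld\n", (long)getuid());
    return 0;
}
```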




