paths and permissions
Tom Allison
tallison at tacocat.net
Sat Feb 28 05:34:49 CET 2004
Dave Lovelace wrote:
> David Relson wrote:
>
>>Hi Jesse,
>>
>>Sounds right. Since that posting, I learned that procmail runs suid.
>>It's been pointed out that that's potentially dangerous since users can
>>have their own .procmailrc files.
>>
>>David
>>
>
> Anything that runs SUID root is in principle insecure, but the software's
> authors attempt to wall off the sections where it's actually running as
> root. I don't know procmail's code, but I'd presume that by the time it's
> running the user's .procmailrc it's running as the user.
>
man procmail:

    If no rcfiles and no -p have been specified on the command
    line, procmail will, prior to reading $HOME/.procmailrc,
    interpret commands from /etc/procmailrc (if present).
    Care must be taken when creating /etc/procmailrc, because,
    if circumstances permit, it will be executed with root
    privileges (contrary to the $HOME/.procmailrc file of
    course).

procmail only runs as root if you have a file in /etc/procmailrc.
All files that are ~/.procmailrc are executed under the permissions of
the user. Fewer and fewer distros provide a /etc/procmailrc file.
From man procmailrc, the environment variables that may be affected by
the '-p' option include:

    UMASK       The name says it all (if it doesn't, then forget
                about this one :-). Anything assigned to UMASK is
                taken as an octal number. If not specified, the
                umask defaults to 077. If the umask permits o+x,
                all the mailboxes procmail delivers to directly
                will receive an o+x mode change. This can be used
                to check if new mail arrived.

    DROPPRIVS   If set to `yes' procmail will drop all privileges
                it might have had (suid or sgid). This is only
                useful if you want to guarantee that the bottom
                half of the /etc/procmailrc file is executed on
                behalf of the recipient.
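
An added example, not part of the original post or of procmail itself: a shell check that a system-wide rcfile sets DROPPRIVS=yes before its first recipe and is not writable by group or others. The function names, the sample rcfiles and the /usr/local/bin/filter path are constructed for illustration.

```shell
# Print the line numbers of recipes (":0 ...") that appear before DROPPRIVS=yes.
recipes_before_dropprivs() {
    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        /^[ \t]*DROPPRIVS[ \t]*=[ \t]*"?yes"?[ \t]*(#.*)?$/ { dropped = 1; next }
        /^[ \t]*:/ && !dropped { print NR }       # recipe start, still privileged
    ' "$1"
}

# Return 0 if the rcfile passes both checks, 1 otherwise; findings go to stdout.
audit_procmailrc() {
    rc=$1
    status=0
    [ -f "$rc" ] || { echo "$rc: absent, no system-wide rcfile to audit"; return 0; }
    # A group- or world-writable rcfile lets others add recipes to it.
    if [ -n "$(find "$rc" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "$rc: writable by group or others"
        status=1
    fi
    early=$(recipes_before_dropprivs "$rc" | tr '\n' ' ')
    if [ -n "$early" ]; then
        echo "$rc: recipe(s) before DROPPRIVS=yes at line(s): $early"
        status=1
    fi
    return $status
}

# Constructed samples: one drops privileges first, one runs a filter before doing so.
sample_dir=$(mktemp -d)
cat > "$sample_dir/good.rc" <<'EOF'
# constructed sample
DROPPRIVS=yes
:0
* ^Subject:.*test
$DEFAULT
EOF
cat > "$sample_dir/bad.rc" <<'EOF'
# constructed sample
:0 fw
| /usr/local/bin/filter
DROPPRIVS=yes
:0
$DEFAULT
EOF
chmod 644 "$sample_dir/good.rc" "$sample_dir/bad.rc"
audit_procmailrc "$sample_dir/good.rc" && echo "good.rc: ok"
audit_procmailrc "$sample_dir/bad.rc" || echo "bad.rc: needs review"
```

On a real system the function would be pointed at /etc/procmailrc; it only reads the file and changes nothing.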