Date: Sat, 5 Dec 1998 15:49:37 -0500
From: Timothy J Luoma <public+FreeBSD@fdt.net>
To: <mgrommet@insolwwb.net>
Cc: <freebsd-questions@FreeBSD.ORG>
Subject: Re: Advice on sendmail / execution of programs through .forward
Message-ID: <199812052049.PAA08277@ocalhost>
In-Reply-To: <A199D70FC96DD211AD1000609767926103598F@ISIMAIL>
References: <A199D70FC96DD211AD1000609767926103598F@ISIMAIL>

Author: mike grommet <mgrommet@insolwwb.net>
Date: Fri, 4 Dec 1998 14:06:35 -0600
ID: <A199D70FC96DD211AD1000609767926103598F@ISIMAIL>

> Now, it's quite convenient to be able to run programs from .forward,
> procmail comes to mind immediately...

Make procmail the LDA and it doesn't need a .forward file to run.

However, letting them run procmail is as much of a problem, since all they need to do is:

    :0
    * ^Subject: launch-xterm-for-me
    |/path/to/whatever

and mail themselves an email with the Subject: 'launch-xterm-for-me'

I think removing the execute bit for regular users is the real answer.

> I mean, it seems quite possible for a user to upload some sort
> of exploit and an appropriate .forward via ftp, send mail to
> himself and WHAM. Life gets real bad.

Why let them FTP anything?

TjL

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199812052049.PAA08277>
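
An added example, not part of the original message: an administrator's audit that lists the program deliveries a user has configured in .forward and in .procmailrc, the two places the thread says mail can trigger a command. The function names and the sample file contents are constructed for illustration, and the procmail parsing is simplified (no backslash line continuations).

```python
import re
from pathlib import Path

def forward_programs(text):
    """Return the commands of program deliveries ("|cmd") in .forward content."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Entries are comma-separated; a program entry may be quoted: "|cmd args".
        for entry in re.findall(r'\s*"[^"]*"|[^,]+', line):
            entry = entry.strip().strip('"').strip()
            if entry.startswith("|"):
                hits.append(entry[1:].strip())
    return hits

def procmail_pipes(text):
    """Return the commands of recipes whose action line pipes to a program."""
    hits, in_recipe = [], False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith(":0"):          # recipe header, e.g. ":0" or ":0:"
            in_recipe = True
        elif in_recipe and not line.startswith("*"):
            in_recipe = False              # first non-condition line is the action
            if line.startswith("|"):
                hits.append(line[1:].strip())
    return hits

def audit_home(home):
    """Map each mail config file in a home directory to the commands it runs."""
    findings = {}
    for name, parser in ((".forward", forward_programs),
                         (".procmailrc", procmail_pipes)):
        path = Path(home) / name
        if path.is_file():
            cmds = parser(path.read_text(errors="replace"))
            if cmds:
                findings[name] = cmds
    return findings

# Constructed sample inputs (the recipe is the one quoted in the message).
SAMPLE_FORWARD = 'alice@example.org, "|/home/alice/bin/filter -q"\n'
SAMPLE_PROCMAILRC = ("MAILDIR=$HOME/Mail\n:0\n* ^Subject: launch-xterm-for-me\n"
                     "|/path/to/whatever\n\n:0:\n* ^From: list@\nlists/\n")
```

Running `audit_home` over each home directory gives a per-user list of commands to review before deciding whether to restrict program delivery.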