From owner-freebsd-questions Sat Dec 5 12:50:23 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA09502 for freebsd-questions-outgoing; Sat, 5 Dec 1998 12:50:23 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from luomat.peak.org (port-10-ts2-gnv.da.fdt.net [209.212.132.41]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA09467 for ; Sat, 5 Dec 1998 12:50:10 -0800 (PST) (envelope-from luomat@luomat.peak.org) Message-Id: <199812052049.PAA08277@ocalhost> Content-Type: text/plain MIME-Version: 1.0 X-Image-URL: http://www.peak.org/~luomat/luomat@peak.org.tiff In-Reply-To: From: Timothy J Luoma Date: Sat, 5 Dec 1998 15:49:37 -0500 To: Subject: Re: Advice on sendmail / execution of programs through .forward cc: References: Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Author: mike grommet Date: Fri, 4 Dec 1998 14:06:35 -0600 ID: > Now, its quite convenient to be able to run programs from .forward, > procmail comes to mind immediately... Make procmail the LDA and it doesn't need a .forward file to run. However, letting run procmail is as much of a problem, since all they need to do is: :0 * ^Subject: launch-xterm-for-me |/path/to/whatever and mail themselves an email with the Subject: 'launch-xterm-for-me' I think removing the execute bit for regular users is the real answer. > I mean, it seems quite possible for a user to upload some sort > of exploit and an appropriate .forward via ftp, send mail to > himself and WHAM. Life gets real bad. Why let them FTP anything? TjL To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message