[3069] in bugtraq
Re: procmail
daemon@ATHENA.MIT.EDU (Jon Lewis)
Tue Aug 6 17:59:51 1996
Date: Tue, 6 Aug 1996 17:11:33 -0400
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Jon Lewis <jlewis@inorganic5.fdt.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <199608062021.PAA11979@homeport.org>
On Tue, 6 Aug 1996, Adam Shostack wrote:
> Such bugs might exist in a users .procmailrc, based on bad
> programming. Procmail is after all, a language for mail processing.
> People can do dumb things with it. I'd be suprised to see a bug in
> the procmail program that would open an xterm, but I've been suprised
> before. ;)
I emailed the author of procmail about this...and he guesses that the
poster meant that you could break into your own account by running an
xterm in your .procmailrc on a system where you normally would have email
only and not shell access. This would be much more a system admin
problem than procmail problem.
------------------------------------------------------------------
Jon Lewis | Mime attachments are OK
jlewis@inorganic5.fdt.net | But please ask before sending
http://inorganic5.fdt.net | unsolicited huge files.
________Finger jlewis@inorganic5.fdt.net for PGP public key_______
