[4965] in bugtraq

Re: procmail

daemon@ATHENA.MIT.EDU (Brock Rozen)
Tue Jul 22 00:19:34 1997

Date: 	Mon, 21 Jul 1997 10:34:32 -0400
Reply-To: Brock Rozen <brozen@WEBDREAMS.COM>
From: Brock Rozen <brozen@WEBDREAMS.COM>
X-To:         Illuminatus Primus <vermont@GATE.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.A32.3.93.970721005409.49320I-100000@inca.gate.net>

On Mon, 21 Jul 1997, Illuminatus Primus wrote:

> > Here's a heads up to anyone running procmail v3.11pre4.
> >
> >                 FILES=| sed -n -e 's/^Subject:.*request \(.*\)/\1/p'
> >
> >                 | (cat; cat $FILES) | $SENDMAIL -oi -t

Obviously, you were not paying attention to procmailex well enough. It
*clearly* states that this is a dangerous script if you play around with
it too much.

"it does not return files that have names starting with a dot, nor does it
allow files to be retrieved that are outside the fileserver directory
tree (if you decide to munge this example, make sure you do not
inadvertently loosen this last restriction)."

It tells you straight out that it includes built-in security in the
script, but that if you play around too much, you should not play around
with one specific restriction -- which is the one that doesn't let you
retrieve any files outside of the directory you specify.

Yes, it can be a security problem, only if you leave it open. Much like
creating a root account w/o a password would leave a system vulnerable.
Both are security holes, but not flaws in the system.



 -------------------------------------------------------------------------
 | Brock Rozen | brozen@webdreams.com | http://www.webdreams.com/~brozen |
 -------------------------------------------------------------------------
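
The restriction quoted from procmailex above (no names starting with a dot, nothing outside the fileserver directory tree), written as a stand-alone shell check that a file-server recipe could call before handing a name to `cat`. This is an added example, not part of the original post and not procmail's own recipe; the function name `safe_request`, the character allowlist and the symlink checks are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from procmailex): validate one requested file name.
# usage: path=$(safe_request "$HOME/fileserver" "$requested") && cat -- "$path"
LC_ALL=C; export LC_ALL   # keep the A-Z / a-z ranges below ASCII-only

# safe_request BASE NAME
# Prints the resolved path and returns 0 only if NAME is acceptable.
safe_request() {
    base=$1 name=$2

    # Empty names and absolute paths are rejected outright.
    case $name in
        ''|/*) return 1 ;;
    esac

    # Conservative allowlist (assumption): letters, digits, . _ - and /
    case $name in
        *[!A-Za-z0-9._/-]*) return 1 ;;
    esac

    # No path component may start with a dot: rejects "..", "./x", dotfiles.
    case /$name in
        */.*) return 1 ;;
    esac

    # Resolve symlinks in the directory part; it must still be inside BASE.
    real_base=$(cd -P -- "$base" 2>/dev/null && pwd -P) || return 1
    real_dir=$(cd -P -- "$(dirname -- "$base/$name")" 2>/dev/null && pwd -P) || return 1
    case $real_dir/ in
        "$real_base"/*) ;;
        *) return 1 ;;
    esac

    # The target itself must be a regular file, not a symlink.
    target=$real_dir/$(basename -- "$name")
    [ -f "$target" ] && [ ! -L "$target" ] || return 1
    printf '%s\n' "$target"
}
```
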
