[3076] in bugtraq
Re: procmail
daemon@ATHENA.MIT.EDU (Rob Payne)
Wed Aug 7 15:25:37 1996
Date: Wed, 7 Aug 1996 08:56:47 -0500
Reply-To: repayne@jeeves.net
From: Rob Payne <repayne@jeeves.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
On Tue, 6 Aug 1996 17:58:29, James Wang <ming@math.uh.edu> previously said:
> On Tue, 6 Aug 1996, Neil Soveran-Charley wrote:
> > I'm sure procmail MUST have some security feature to disallow this
> > sort of thing? But I could be wrong, and haven't checked the manual
> > pages yet.
> >
> No. Since there is no way for procmail to know before hand what
> kind of program that you might use.
One way around this would be to have a 'secure bin directory' like that
of smrsh and have procmail's use of programs to only that directory.
-rob
