Bugtraq mailing list archives

Re: procmail

From: jlewis () inorganic5 fdt net (Jon Lewis)
Date: Tue, 6 Aug 1996 17:11:33 -0400


On Tue, 6 Aug 1996, Adam Shostack wrote:

Such bugs might exist in a users .procmailrc, based on bad
programming.  Procmail is after all, a language for mail processing.
People can do dumb things with it.  I'd be suprised to see a bug in
the procmail program that would open an xterm, but I've been suprised
before. ;)


I emailed the author of procmail about this...and he guesses that the
poster meant that you could break into your own account by running an
xterm in your .procmailrc on a system where you normally would have email
only and not shell access.  This would be much more a system admin
problem than procmail problem.


------------------------------------------------------------------
 Jon Lewis                      |  Mime attachments are OK
 jlewis () inorganic5 fdt net      |  But please ask before sending
 http://inorganic5.fdt.net      |  unsolicited huge files.
________Finger jlewis () inorganic5 fdt net for PGP public key_______

Current thread:

Re: Exploiting Zolaris 2.4 ?? :) Leif Hedstrom (Aug 04)
- <Possible follow-ups>
- Re: Exploiting Zolaris 2.4 ?? :) Fletch (Aug 04)
  - Re: your mail Greg Woods (Aug 05)
    - Re: your mail neill (Aug 05)
  - PAM login programs? Josh Wilmes (Aug 05)
    - procmail DANIEL .D .EZEKIEL (Aug 05)
    - (Fwd) CERT Advisory CA-96.17 - Vulnerability in Solaris vold Hubert Feyrer (Aug 06)
    - Re: procmail Adam Shostack (Aug 06)
    - Re: procmail Jon Lewis (Aug 06)
    - Re: procmail Neil Soveran-Charley (Aug 06)
    - Re: procmail James Wang (Aug 06)
    - Re: procmail Kari E. Hurtta (Aug 06)
    - Re: procmail Ficus Kirkpatrick (Aug 07)
    - Re: procmail Melody Lynn Yoon (Aug 07)
    - Re: PAM login programs? Marek Michalkiewicz (Aug 06)
    - Re: PAM login programs? Arthur Donkers (Aug 06)
- Re: Exploiting Zolaris 2.4 ?? :) Peter Jeremy (Aug 05)