chk@dciem.dciem.dnd.ca (C. Harald Koch) (06/16/89)
In article <1989Jun14.125010.21078@ateng.com> chip@ateng.com (Chip Salzenberg) writes: >> A person I know has made a simple patch to smail 2.5 >> which allows it to support "|program" aliases. >> >> If people are interested I will try to get him to >> post his changes to tne net. > >I just want to warn everyone that I did exactly that, once. However, if the >patch is "simple" then its security must be little or none. Do you want a >feature if it lets your users execute arbitrary programs as "uucp"? I am the person who wrote the patch that Bruce is talking about. I would naturally prefer to use deliver, but then I would have to port deliver to the Amiga, which is as non-trivial as porting SMail was. The patch does *not* allow arbitrary users to execute arbitrary commands. My patch automatically rejects any addresses given to SMail which contain the '|' character. "|command" only works from the aliases file. (Of course, if this file is world writable, then you still have a security problem...). Another problem is that the command runs as the user who ran SMail (often uucp, sometimes root) so you have to be careful when writing the commands. This was secure enough for my application, namely a two-user Amiga system. The patch really is quite simple; change deliver() to skip directly to popen() if the first character of an address is a '|', and change alias() to ignore all initial addresses containing '|'. About 10 lines of code altogether. -- Grandpa Charnock's Law: | C. Harald Koch NTT Systems, Inc., Toronto, Ontario You never really learn | chk@gpu.utcs.utoronto.ca (long-term address) to swear until you learn | chk@zorac.dciem.dnd.ca (my current job) to drive. | chk@chkent.UUCP (my AMIGA at home)
chip@ateng.com (Chip Salzenberg) (06/17/89)
[On the subject of the patch that adds "|command" aliases to Smail 2.5...] According to chk@dciem.dciem.dnd.ca (C. Harald Koch): >My patch automatically rejects any addresses given to SMail which contain >the '|' character. [...] "|command" only works from the aliases file. Of course, there's always the user's ".forward" file... -- You may redistribute this article only to those who may freely do likewise. Chip Salzenberg | <chip@ateng.com> or <uunet!ateng!chip> A T Engineering | Me? Speak for my company? Surely you jest!