davids@iscuva.ISCS.COM (David Schmidt) (04/07/88)
Here is a small patch to smail 2.5 (comp.sources.unix, volume 11). It adds the ability to create aliases which will pipe the mail message into a program. For example, you can receive news mailed to you by creating the following alias: rnews:"|/usr/bin/rnews" Apply this using patch: *** old/aliases.8 Thu Oct 8 08:53:09 1987 --- ./aliases.8 Wed Apr 6 14:53:09 1988 *************** *** 169,176 .I sendmail is that .I smail ! doesn't handle stuff like mail to files ! or command execution. .SH SEE ALSO smail(8), paths(8), pathproc(8) .SH VERSION --- 169,180 ----- .I sendmail is that .I smail ! doesn't handle stuff like mail to files. It does however handle ! command execution. The format of a program alias is ! .sp ! .ce ! mylogin~"|/myprogram" ! .sp .SH SEE ALSO smail(8), paths(8), pathproc(8) .SH VERSION *** old/deliver.c Thu Oct 8 08:53:36 1987 --- ./deliver.c Wed Apr 6 14:53:24 1988 *************** *** 9,20 static char *sccsid="@(#)deliver.c 2.5 (smail) 9/15/87"; #endif ! # include <stdio.h> ! # include <sys/types.h> ! # include <sys/stat.h> ! # include <ctype.h> ! # include <signal.h> ! # include "defs.h" extern int exitstat; /* set if a forked mailer fails */ extern enum edebug debug; /* how verbose we are */ --- 9,20 ----- static char *sccsid="@(#)deliver.c 2.5 (smail) 9/15/87"; #endif ! #include <stdio.h> ! #include <sys/types.h> ! #include <sys/stat.h> ! #include <ctype.h> ! #include <signal.h> ! #include "defs.h" extern int exitstat; /* set if a forked mailer fails */ extern enum edebug debug; /* how verbose we are */ *************** *** 146,152 } (void) sprintf(lcommand, LMAIL(from, hostv[i])); ! (void) sprintf(rcommand, RMAIL(flags, from, hostv[i])); /* ** For each address with the same host name and form, append the user --- 146,152 ----- } (void) sprintf(lcommand, LMAIL(from, hostv[i])); ! (void) sprintf(rcommand, RMAIL(flags, from, hostv[i], userv[i])); /* ** For each address with the same host name and form, append the user *************** *** 153,159 ** name to the command line, and set form = ERROR so we skip this address ** on later passes. */ ! /* we initialized lend (rend) to point at the * beginning of its buffer, so that at * least one address will be used regardless * of the length of lcommand (rcommand). --- 153,159 ----- ** name to the command line, and set form = ERROR so we skip this address ** on later passes. */ ! /* we initialized lend (rend) (pend) to point at the * beginning of its buffer, so that at * least one address will be used regardless * of the length of lcommand (rcommand). *************** *** 205,211 ** ** Rather, go straight to the next smail routing level. */ ! if(form == ERROR) { static char errbuf[SMLBUF]; (void) sprintf(errbuf, "address resolution ('%s' @ '%s') failed", --- 205,211 ----- ** ** Rather, go straight to the next smail routing level. */ ! if (form == ERROR) { static char errbuf[SMLBUF]; (void) sprintf(errbuf, "address resolution ('%s' @ '%s') failed", *************** *** 219,224 command = scommand; } else if (form == LOCAL) { command = lcommand; } else { command = rcommand; if(flags == uux_noqueue) { --- 219,233 ----- command = scommand; } else if (form == LOCAL) { command = lcommand; + #ifndef SENDMAIL + c = index(command, '|'); + if (c != NULL) { + command = c; /* setup the new command */ + command++; /* step over the pipe symbol */ + while (*c) c++; /* find the end of the command */ + if (*(c-1) == '\'' || *(c-1) == '"') *(c-1) = '\0'; + } + #endif SENDMAIL } else { command = rcommand; if(flags == uux_noqueue) { -- David Schmidt UUCP: davids@iscuva.ISCS.COM ISC Systems Corporation (uunet!iscuva!davids) East 22425 Appleway Phone: +1 509 927-5479 Liberty Lake, WA 99019
zeeff@b-tech.UUCP (Jon Zeeff) (04/08/88)
In article <1313@iscuva.ISCS.COM> davids@iscuva.ISCS.COM (David Schmidt) writes: >Here is a small patch to smail 2.5 (comp.sources.unix, volume 11). >It adds the ability to create aliases which will pipe the mail >message into a program. > I'm sure this works fine, but it sure doesn't look secure. Think about the uid and effective uid when the program is run? What if it happens to be root that triggered uuxqt? Can a offsite user cause any program to be executed by some random id by mailing to |program? I have a lmail replacement that will do you what you want in a much safer manner. --Jon -- Jon Zeeff Branch Technology, uunet!umix!b-tech!zeeff zeeff%b-tech.uucp@umix.cc.umich.edu