Bugtraq
mailing list archives
Re: procmail
From: guenther () GAC EDU (Philip Guenther)
Date: Mon, 21 Jul 1997 00:23:10 -0500
jamie <batsy () VAPOUR NET> writes:
> Here's a heads up to anyone running procmail v3.11pre4.
> In the procmailex man page there is an example of a simple fileserver.
> The problem with the example is that after getting it working, I wanted
> to see if the MAILDIR variable would isolate procmail to that directory.

The manpage you quote dates from procmail 3.06 or so. 3.10 and later
have correctly paranoid manpages.

> :0
> * !^X-Loop: yourname () your main mail address
> * !^Subject:.*Re:
> * !^FROM_DAEMON
> * ^Subject:.*request
> {
> ...

Solution: change that last subject to read:

    * ^Subject:.*request [0-9a-z]

and add the condition:

    * ! ^Subject:.*[/.]\.

That will protect you from ".."s and keep dot files in general from
being fetched. Totally ripping out the entire recipe and inserting
the version from the version 3.11pre* manpage would probably be a
good idea, assuming you have at least 3.10.

(Note: procmail regexps are case insensitive by default)

Philip Guenther
----------------------------------------------------------------
Philip Guenther UNIX Systems and Network Administrator
Internet: guenther () gac edu Voicenet: (507) 933-7596
Gustavus Adolphus College St. Peter, MN 56082-1498
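
The two Subject conditions from the reply above can be checked against sample headers before they go into a .procmailrc. The following is an added example, not part of the original post or of procmail: it approximates the two conditions with `grep -E -i` (an assumption that holds for these patterns on a single header line), and the function names and sample subjects are constructed.

```shell
#!/bin/sh
# Emulates ONLY the two Subject conditions from the reply, not the rest of the
# recipe (X-Loop, Re:, FROM_DAEMON). -i mirrors procmail's default case
# insensitivity. Function names and sample headers are constructed.

# subject_allowed HEADER -> status 0 if both Subject conditions would hold
subject_allowed() {
    hdr=$1
    # Condition 1:  * ^Subject:.*request [0-9a-z]
    # The requested name must start with a letter or digit, so a leading
    # "." or "/" never satisfies it.
    printf '%s\n' "$hdr" | grep -E -i -q '^Subject:.*request [0-9a-z]' || return 1
    # Condition 2:  * ! ^Subject:.*[/.]\.
    # Negated in the recipe: any "/." or ".." anywhere in the Subject rejects.
    if printf '%s\n' "$hdr" | grep -E -i -q '^Subject:.*[/.]\.'; then
        return 1
    fi
    return 0
}

# verdict HEADER -> prints "deliver" (recipe would fire) or "skip"
verdict() {
    if subject_allowed "$1"; then echo deliver; else echo skip; fi
}

# Run the check over constructed Subject lines and print one verdict per line.
check_samples() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        printf '%-8s %s\n' "$(verdict "$line")" "$line"
    done <<'EOF'
Subject: request readme.txt
Subject: REQUEST Docs/faq
Subject: request .profile
Subject: request ../notes
Subject: request docs/.hidden
Subject: request docs/../notes
Subject: request /pub/readme
EOF
}

check_samples
```

Only the first two sample lines pass; a single dot inside a file name is still accepted, because the second condition needs a dot preceded by "/" or another dot.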