Bugtraq: Re: Nasty hole in postifx/procmail/cyrus

From: Dylan Griffiths <Dylan_G_at_BIGFOOT.COM>
Date: Tue, 4 Jul 2000 17:27:18 -0600

> >procmail unix - n n - - pipe
> > flags=R user=cyrus argv=/usr/bin/procmail -p \
> > /home/cyrus/procmail.common \
> > USER=${user} EXTENSION=${extension}
>
>In my opinion, the bug is for procmail to execute commands in
>per-recipient files when running with someone else's privileges.
>
>The pipe transport DOES NOT filter $name expansions, because the
>command is not executed by a shell. This is described in the pipe(8)
>manual page.
>
>The local delivery agent DOES filter $name expansions, because the
>command is often executed by a shell. The filter is under control
>by the $command_expansion_filter configuration parameter. This is
>described in the local(8) manual page. This applies to any external
>command executed by the local delivery agent, including mailbox_command.
>
> Wietse

So Postfix does support the necessary filtering required to sanitize the
variables passed to procmail. If Postfix is properly set up, Procmail would
not be vulnerable to the originally described hole.
Received on Jul 05 2000
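
The two behaviours contrasted in the thread, as a simplified model added here as an example (it is not code from the thread or from Postfix): local(8) filters $name expansions through the command_expansion_filter allowlist, while pipe(8) places the expanded value into an argv element unchanged. The function names, the recipient values and the `-a $EXTENSION` template are constructed for illustration; the allowlist is the default documented in postconf(5), where characters outside it are replaced by underscores.

```python
import re
import string

# Default allowlist documented for command_expansion_filter in postconf(5).
DEFAULT_FILTER = "1234567890!@%-_=+:,./" + string.ascii_lowercase + string.ascii_uppercase
NAME = re.compile(r"\$(?:\{(\w+)\}|(\w+))")


def filter_value(value, allowed=DEFAULT_FILTER):
    """local(8)-style filtering: characters outside the allowlist become '_'."""
    return "".join(c if c in allowed else "_" for c in value)


def expand(text, attrs, filtered):
    """Expand $name / ${name}; in this model unknown names expand to ''."""
    def sub(m):
        value = attrs.get(m.group(1) or m.group(2), "")
        return filter_value(value) if filtered else value
    return NAME.sub(sub, text)


def local_command(template, attrs):
    """Model of local(8): filtered expansion, result may be run by a shell."""
    return expand(template, attrs, filtered=True)


def pipe_argv(argv_template, attrs):
    """Model of pipe(8): unfiltered expansion, one argv element per word, no shell."""
    return [expand(word, attrs, filtered=False) for word in argv_template]


def unfiltered_risk(attrs):
    """Attribute names whose values the local(8) filter would have rewritten."""
    return sorted(k for k, v in attrs.items() if filter_value(v) != v)


# Constructed recipient attributes (not taken from the thread).
ATTRS = {"user": "alice", "extension": "lists new;x"}
# argv from the quoted master.cf entry, split into words.
PIPE_ARGV = ["/usr/bin/procmail", "-p", "/home/cyrus/procmail.common",
             "USER=${user}", "EXTENSION=${extension}"]

if __name__ == "__main__":
    print(pipe_argv(PIPE_ARGV, ATTRS))
    print(local_command("/usr/bin/procmail -a $EXTENSION",
                        {"EXTENSION": ATTRS["extension"]}))
    print(unfiltered_risk(ATTRS))
```

`unfiltered_risk` is the review check: any attribute it returns reaches the piped program exactly as the sender wrote it, so that program has to treat it as untrusted input.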
