The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #281 [Re: ~uucp/.forward files.] (1 message, 1328 bytes)
NOTICE: recognises the rights of all third-party works.


From: (Ronald S. Karr)
To: phage
Date: Fri 11:59:00 18/11/1988 EST
Subject: Re: ~uucp/.forward files.
References: [Thread Prev: 272] [Thread Next: 284] [Message Prev: 269] [Message Next: 270]

 >If a UUCP neighbor deposited into ~uucp/.forward a file containing
 >	"|/bin/sed -e '1,/^$/d'|/bin/sh"
 >(which they might be able to do it your ~uucp is uucp-writable as most are),
 >and then sent mail to your uucp account, what do you expect would happen?

Fixed in Smail3.1 :-)

 >Note that .forward files override /usr/lib/aliases in sendmail.

Really?  This sounds very backwards.

I would have to say that sendmail's lack of flexibility and configurability
of aliasing and forwarding is definitely one of its major faults.

Smail3.1's concept of a "director" (something that "directs" a local
address to its real destination -- poor use of terminology, but what the
heh) provides more than sufficient generality to handle these problems.

As an example, the definition of the .forward director can define a
list of users or directories that cannot have commands or files in
their .forward files, as well as a list of users whose .forward files
will not result in file or shell command addresses being executed as
user id associated with the file.  The default configuration for the
forward director is:

# dotforward - expand .forward files in user home directories
	driver = forwardfile,		# general-purpose forwarding director
	owner = real-$user,		# problems go to the user's mailbox
	nobody,				# if flagged as caution, run as nobody
	sender_okay;			# sender never removed from expansion

	file = ~/.forward,		# .forward file in home directories
	checkowner,			# the user can own this file
	owners = root,			# or root can own the file
	modemask = 002,			# it should not be globally writable
	caution = daemon:root,		# don't run things as root or daemon
	# be extra careful of remotely accessible home directories
	unsecure = "~ftp:~uucp:~nuucp:/tmp:/usr/tmp"

Also, the list of directors can be configured in any desired order,
allowing aliases to take precedence over .forward files (which is the
default).  In addition, it is possible to disallow .forward files
altogether, in favor of a system database that maintains user
preferences of where their mail should be sent.
	tron	|-<=>-|		ARPAnet:  amdahl!tron@Sun.COM	UUCPnet:  {decwrl,sun,uunet}!amdahl!tron