Re: Problem with aliases to program
> > On Tue, 1 Apr 1997, Victor Gamov wrote:
> > > Hi!
> > >
> > > I have a problem when I try to send mail to a user with the next
> > > record in the aliases file:
> > > user: "|/usr/local/bin/myprogram"
> > > I've got an error message: "Mail to program disallowed w/o proper
> > > privileges".
> > > Any suggestions?
> >
> > Yes, check the UID of the user. If it is something in the lower range
> > (below 100 or so), try upping it. I had this problem before and this
> > solved it for me.
>
> But I want to add a user in the aliases file without adding it to the passwd file.

This looks like a security problem with the aliases file.

Verify the protections of:

    $MAILVAR/db/aliases*   644 or stricter
    $MAILVAR/db            755 or stricter

If those conditions are not met, the address expanded through
the aliases will get the privilege of "nobody", which is a magic
token to disable several security-sensitive operations, like
writing to non-mailbox files, or running pipes.

On a related note, on machines where uid_t is unsigned, the
"nobody" account should NOT have uid -2!

That MIGHT relate to an "easy to get a root shell" that was
noted yesterday.
(To know for sure, I do need more details of the setup.)

> --
> CU, Victor Gamov
/Matti Aarnio <mea@nic.funet.fi>
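
A permission audit for the "644 or stricter" / "755 or stricter" check described in the reply above, as an added example that is not part of the original message or of the mailer's own code. The directory argument stands in for $MAILVAR/db; the function names, the demo tree and its file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the alias database modes named in the message above.

# Print a path's permission bits in octal (GNU stat first, then BSD stat).
octal_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# True when mode $1 grants no bit outside mask $2, i.e. "$2 or stricter".
mode_within() {
    [ $(( 0$1 & ~0$2 & 07777 )) -eq 0 ]
}

# Check directory $1 against 755 and every $1/aliases* file against 644.
# Prints one line per offender; returns 0 only when nothing is too loose.
audit_alias_db() {
    db=$1 bad=0
    if ! mode_within "$(octal_mode "$db")" 755; then
        echo "LOOSE dir  $(octal_mode "$db") $db (want 755 or stricter)"
        bad=1
    fi
    for f in "$db"/aliases*; do
        [ -e "$f" ] || continue            # glob matched nothing
        if ! mode_within "$(octal_mode "$f")" 644; then
            echo "LOOSE file $(octal_mode "$f") $f (want 644 or stricter)"
            bad=1
        fi
    done
    return $bad
}

# Constructed demo tree standing in for $MAILVAR/db (not a real installation).
demo=$(mktemp -d)
mkdir "$demo/db"
: > "$demo/db/aliases"
: > "$demo/db/aliases.dat"                 # constructed sample file name
chmod 755 "$demo/db"
chmod 644 "$demo/db/aliases"
chmod 664 "$demo/db/aliases.dat"           # group-writable: fails the check
audit_alias_db "$demo/db" ||
    echo 'result: expansion would get "nobody" privilege, pipes refused'
rm -rf "$demo"
```

On a live system, call `audit_alias_db` with the real database directory instead of the demo tree.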