[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
alias.cf inconsistency
Dear ZMailers,
I think there is some minor inconsistency in alias.cf (from ZMailer 2.99.44).
When routeuser() looks for a .forward file of a local user,
it its privilege is nobody, because default_attributes contains this.
------
# only allow .forward file reading if privs allow it
case "$(get $attr type)" in
expandsender) a=$(homedirectory "$user")/.forward && [ -f $a ] && \
return (($quad)) ;;
esac
priv=$(get $attr privilege) ###### THIS IS THE MATTER
[ $PUNTHOST ] ||
[ $didexpand ] ||
a="$(homedirectory "$user")/.forward" && [ -f "$a" ] &&
db add expansions "$key" user &&
priv=$(getpriv "644" $priv "$a" .forward) &&
return $(listaddresses -e "$user" -c "$a .forward expansion" < "$a" | \
maprrouter $(newattribute $attr privilege $priv) \
"$a" "$user")
-------
If user's home dir is unreadable, the mail won't be forwarded.
However if the addresse is an alias, the privilege are set to equal to
owner of alias database, usually root:
-------
# alias expansion
[ $didexpand ] ||
a="$(aliases "$user")" &&
db add expansions "$key" alias &&
priv=$(filepriv -M 644 $MAILVAR/db/aliases \
$(db owner aliases)) && #### LOOK THIS
nattr=$(newattribute $attr privilege $priv) &&
return $(echo "$a" | listexpand -e root \
-c 'alias expansion' \
-N - \
"$nattr" "$a" "$user")
-------
Then the .forward file can be read even in an unreadable homedir.
Question:
Why restricton of privilege is necessary when looking .forward?
If user doesn't want to forward mails [s]he should remove the .forward file
instead of protecting homedir. I think reading .forward by root force
doesn't hurt her/his privacy. In other words, why peoples with
protected homedir can't enjoy the benefits of .forward?
Any comment?
Gabor