[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

alias.cf inconsistency

Dear ZMailers,

I think there is some minor inconsistency in alias.cf (from ZMailer 2.99.44).
When routeuser() looks for a .forward file of a local user,
it its privilege is nobody, because default_attributes contains this.

#       only allow .forward file reading if privs allow it
        case "$(get $attr type)" in
        expandsender) a=$(homedirectory "$user")/.forward && [ -f $a ] && \
                        return (($quad)) ;;
        priv=$(get $attr privilege)  ###### THIS IS THE MATTER
        [ $PUNTHOST ] ||
        [ $didexpand ] ||
        a="$(homedirectory "$user")/.forward" && [ -f "$a" ] &&
                db add expansions "$key" user &&
                priv=$(getpriv "644" $priv "$a" .forward) &&
                return $(listaddresses -e "$user" -c "$a .forward expansion" < "$a" | \
                         maprrouter $(newattribute $attr privilege $priv) \
                                        "$a" "$user")

If user's home dir is unreadable, the mail won't be forwarded.

However if the addresse is an alias, the privilege are set to equal to
owner of alias database, usually root:

#       alias expansion
        [ $didexpand ] ||
             a="$(aliases "$user")" &&
                db add expansions "$key" alias &&
                priv=$(filepriv -M 644 $MAILVAR/db/aliases \
                                        $(db owner aliases)) &&    #### LOOK THIS
                nattr=$(newattribute $attr privilege $priv) &&
                return $(echo "$a" | listexpand -e root \
                                                -c 'alias expansion' \
                                                -N - \
                                                "$nattr" "$a" "$user")

Then the .forward file can be read even in an unreadable homedir.

Why restricton of privilege is necessary when looking .forward?

If user doesn't want to forward mails [s]he should remove the .forward file
instead of protecting homedir. I think reading .forward by root force
doesn't hurt her/his privacy. In other words, why peoples with
protected homedir can't enjoy the benefits of .forward?

Any comment?