[Mimedefang] defang script using chown or chgrp
jon.rowlan at sads.com
Tue Apr 29 02:32:45 EDT 2008
>> When I issue
>> system('cp', 'INPUTMSG', "/mailstore/$recipient/$MsgID");
> That is NOT a good idea. Allowing arbitrary attacker-supplied data to
> be used to construct a filename is asking for trouble... but anyway...
I don't understand. I have around 20 domains. Sendmail filters mails so
that I only accept mail to these domains therefore there is no ambiguity
or window of opportunity in $recipient (it actually only holds the
domain portion of the recipient name by this stage). $MsgID is a unique
name that is manufactured by sendmail. I am struggling to think of a way
that this can be abused by a third party.
>> the message gets save correctly but with a user/group of "defang". I
>> want to chown or chgrp it so that it effectively belongs to or at
>> can be read by a user. The Maildir is in the users Home.
> You can't do what you want unless you run MIMEDefang as root (and of
> MIMEDefang refuses to run as root, so....)
> You could (as you said) use a cron job to do the chown. Or a SUID
> program (not recommended unless you are very careful). Or use a
> database to store the messages instead of the file system.
I am going to use cron. I can see why chown/chgrp should be protected
from non root users and this whole exercise is simply to give my users
access to a bucket of their awaiting emails for when their internet
connection/server is down. These are in no way expected to be long term,
eventually their mail will be delivered normally. I can cron every 15
minutes quite comfortably. Using a database I am still left with a
problem. I need to pack the mail away in mimedefang but then unpack it
when the client wants access, although interestingly I had never
considered putting the mail into a database - its certainly food for
More information about the MIMEDefang