2 messages in net.sourceforge.lists.courier-maildrop[maildropl] security ramification of ...
FromSent OnAttachments
Fred JFeb 27, 2007 5:36 am 
Sam VarshavchikFeb 27, 2007 3:31 pm 
Actions with this message:
Paste this link in email or IM:
Paste this link in email or IM:
Atom feed for this thread
Paste this URL into your reader:
Subject:[maildropl] security ramification of SHELL=/bin/sh and cc'ing to a script?Actions...
From:Fred J (lami@koala.de)
Date:Feb 27, 2007 5:36:18 am
List:net.sourceforge.lists.courier-maildrop

Hi again,

I'm new to courier. So please excuse any redundancy. Also, I've read http://www.courier-mta.org/?maildropfilter.html~ENVIRONMENT and looked at archives.

How secure is piping to a script with cc?

I mean: Is the message being shell-escaped when using SHELL=/bin/sh or is it being passed directly to the script being cc'd to without going through the shell?

I assume that all values passed from mda are tainted in that possibly included shell escape sequences are left as is. This correct?

Does getaddr(string) extract valid rfc2822 that can be assumed to be safe/shell-scaped?

Would not setting the SHELL-env from /bin/false (assuming virtuser) to eg. /bin/sh but to a jailshelli be a safer alternative?

I'm sensible to _not_ using import SOEMTHING, btw.

What I'm basically asking is, should i always call escape() before cc'ing to a script and how safe is this? Btw: How can I call escape() on the entire message prior to cc'ing? Haven't found anything on this yet..

<quote from="http://www.courier-mta.org/?maildropfilter.html~AEN991"> "Although using data from an external data source is dangerous, and it may result in inadvertent exploits, using the escape function should hopefully result in fewer surprises." </quote>

Thanks for any insights! Regards Fred