[rt-users] Mail Problem

Lorens Kockum rt-id-45 at lists.lorens.org
Wed Jul 11 13:02:33 EDT 2001


On Wed, Jul 11, 2001 at 12:18:12PM -0400, Jesse wrote:
> I'll bet this is the same problem other folks have been running into
> with sendmail 8.11.  I'd greatly appreciate it if someone could 
> read enough of the sendmail 8.11 documentation to figure out why sendmail
> clobbers the setgid bit on things it executes.

Just a general solution to the problem:

If you setup the alias to deliver to the RT user, and use that
user's procmail or forward file to dispatch it from there, there
should be no setuid/setgid problems.  That's what's done on
qmail, which IIRC won't of itself deliver to a set.id program.

I like the way this ensures that the stdin of the script when
executed with proper uid/gid is coming from the MTA with
well-defined command-line options and not from a malicious
local user.  I don't suppose it's a problem for this particular
application, but I'm paranoid and I like good habits.

On exim I set up a specific transport for mails to RT, and
specified the user/group in there, but that's exim :-)

-- 
#include <std_disclaim.h>                          Lorens Kockum




More information about the rt-users mailing list