[rt-users] Mail Problem
Lorens Kockum
rt-id-45 at lists.lorens.org
Wed Jul 11 13:02:33 EDT 2001
On Wed, Jul 11, 2001 at 12:18:12PM -0400, Jesse wrote:
> I'll bet this is the same problem other folks have been running into
> with sendmail 8.11. I'd greatly appreciate it if someone could
> read enough of the sendmail 8.11 documentation to figure out why sendmail
> clobbers the setgid bit on things it executes.
Just a general solution to the problem:
If you setup the alias to deliver to the RT user, and use that
user's procmail or forward file to dispatch it from there, there
should be no setuid/setgid problems. That's what's done on
qmail, which IIRC won't of itself deliver to a set.id program.
I like the way this ensures that the stdin of the script when
executed with proper uid/gid is coming from the MTA with
well-defined command-line options and not from a malicious
local user. I don't suppose it's a problem for this particular
application, but I'm paranoid and I like good habits.
On exim I set up a specific transport for mails to RT, and
specified the user/group in there, but that's exim :-)
--
#include <std_disclaim.h> Lorens Kockum
More information about the rt-users
mailing list