Fred J writes:

> Hi again,
>
> I'm new to courier. So please excuse any redundancy. Also, I've read
> http://www.courier-mta.org/?maildropfilter.html~ENVIRONMENT and looked
> at archives.
>
> How secure is piping to a script with cc?

As secure as your command and script are.

> I mean: Is the message being shell-escaped when using SHELL=/bin/sh or
> is it being passed directly to the script being cc'd to without going
> through the shell?

The message will be received by the shell script on standard input.

> I assume that all values passed from mda are tainted in that
> possibly included shell escape sequences are left as is. This correct?

Correct.

> Does getaddr(string) extract valid rfc2822 that can be assumed to be
> safe/shell-escaped?

No.

You can use the escape function for that.

> Would not setting the SHELL-env from /bin/false (assuming virtuser) to eg.
> /bin/sh but to a jailshell be a safer alternative?
>
> I'm sensible to _not_ using import SOMETHING, btw.

What you need to do is understand how shell escaping works. There are
two things happening here:

1) If the parameter to the cc, to, or any other command, is in double
quotes, maildrop expands all variables in the string, before forming the
shell command.

Example: to "| bin/myscript '$SUBJECT'"

If the SUBJECT variable contains, say, the string "meeting", maildrop will
expand the string argument to:

    | bin/myscript 'meeting'

And internally execute:

    argv[0] = "/bin/sh"
    argv[1] = "-c"
    argv[2] = "bin/myscript 'meeting'"

Of course, if the original SUBJECT variable was inherited from the incoming
mail message, and contains shell escape characters, you'd be in trouble.

To do this correctly:

    to '| /bin/myscript "$SUBJECT"'

maildrop does not expand variables in text literals that are delimited by
apostrophes. The resulting parameter to the to command is exactly:

    | /bin/myscript "$SUBJECT"

And maildrop internally executes:

    argv[0] = "/bin/sh"
    argv[1] = "-c"
    argv[2] = "/bin/myscript "$SUBJECT""

As documented in maildropfilter, all maildrop variables get inherited by any
process started by maildrop as environment variables. The shell will first
word-split the command, and then perform variable substitution, resulting in
/bin/myscript receiving "meeting", or whatever was in the original SUBJECT
variable, without any further interpolation by the shell.

Hope that helps.

> What I'm basically asking is, should I always call escape() before
> cc'ing to a script and how safe is this? Btw: How can I call escape() on
> the entire message prior to cc'ing?

You don't. Your script receives the message on standard input, exactly as
it was received by your mail server. It is your responsibility to read
standard input, and process it safely.
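
The two quoting forms from the reply above, reproduced with plain /bin/sh as an added example (not part of the original post and not maildrop's own code). It assumes a printf command as a stand-in for bin/myscript, and the subject values are constructed samples whose embedded command is a harmless echo marker.

```shell
#!/bin/sh
# Constructed sample subjects; the embedded command is a harmless echo.
BENIGN='meeting'
HOSTILE="meeting'; echo INJECTED; echo '"

# Models:  to "| bin/myscript '$SUBJECT'"
# maildrop expands $SUBJECT itself, so the header text becomes part of
# argv[2] and /bin/sh parses it as shell syntax.
# printf is a hypothetical stand-in for bin/myscript.
expanded_by_maildrop() {
    cmd="printf '[%s]\n' '$1'"
    /bin/sh -c "$cmd"
}

# Models:  to '| /bin/myscript "$SUBJECT"'
# argv[2] keeps the literal text "$SUBJECT"; the value travels only in the
# environment and the shell substitutes it as a single word of data.
expanded_by_shell() {
    SUBJECT="$1" /bin/sh -c 'printf "[%s]\n" "$SUBJECT"'
}

# True when one output line is exactly the marker, meaning the echo
# embedded in the subject was executed as a command.
marker_ran() {
    printf '%s\n' "$1" | grep -qx 'INJECTED'
}

for subject in "$BENIGN" "$HOSTILE"; do
    for form in expanded_by_maildrop expanded_by_shell; do
        out=$($form "$subject")
        if marker_ran "$out"; then
            verdict='subject ran as code'
        else
            verdict='subject stayed data'
        fi
        printf '%-22s %s\n' "$form:" "$verdict"
    done
done
```

Only the double-quoted form with the constructed hostile subject reports that the subject ran as code; the apostrophe-delimited form hands the same bytes to the stand-in script unchanged.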