[Nottingham] chrooted procmail
Mike Cardwell
lug at blubbernet.com
Sat Sep 3 00:38:41 BST 2005
Simon Amor wrote:
> Do you need more than just procmail in /bin/ ?
I don't think so. I was hoping someone could inform me if so... I have
successfully chrooted my self to the correct directory and run procmail
without it bombing out...
> What if it needs to send
> email and run commands - does it need access to the sendmail binary and
> client mailqueue directory and so on?
I want to limit it to purely checking for headers, and then writing to a
different maildir. Once I have that, I can add other executables to the
bin directory as needed.
> I would have thought it'd be pretty difficult to chroot procmail to be honest.
Yes, it is. But it would improve the mail system I am writing no end if
I could figure it out. The other option which I don't particularly want
to do is write my own filtering language.
> How is the procmailrc going to be edited? will it be done as a textfile
> edit by the user or is it all via some kind of cgi that could do sanity
> checking and so on? If the latter, do you really need it to be chrooted
> or could you just check the actual contents of the procmailrc file
> strictly enough that it won't ever edit something it shouldn't?
The procmail rc files will be edited by a cgi. I *could* do sanity
checking but that is quite risky; procmail rc files can have quite
complex syntax, and I want to allow that...
Mike
More information about the Nottingham
mailing list