Bug 8982

Summary: User "unsafe" to forward to program.
Product: [Retired] Red Hat Linux Reporter: Henri J. Schlereth <henris>
Component: sendmailAssignee: Cristian Gafton <gafton>
Status: CLOSED WORKSFORME QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6.1CC: henris
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2000-03-04 18:39:43 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Henri J. Schlereth 2000-01-30 15:48:46 UTC
I have installed the vacation program which creates a .forward pipe
to itself in the user directory. Sendmail 8.9.3-15 issues the following
message:

"550 /home/feral/.forward: line 1: "|vacation feral"... Address feral is
unsafe for mailing to programs"

The sendmail.org faq specifically states that:
"In order for people to be able to run a program from their .forward file,
version 8 sendmail insists that their shell (that is, the
shell listed for that user in the passwd entry) be a "valid" shell, meaning
a shell listed in /etc/shells. If /etc/shells does not exist, a
default list is used, typically consisting of /bin/sh and /bin/csh."

Bash is in /etc/shells and it still doesnt work.

I have not yet tried to see if procmail works or examined the src rpm for
sendmail.

In simple translation, this should work but does not. The original
vacation program was created by Eric Allman and I cant see why sendmail
should be hostile to it. I have both used a contrib rpm for vacation
and compiled a from a tar file. I am left with sendmail as being the
culprit.

Assistance would be appreciated before I have to go code diving.

Comment 1 Henri J. Schlereth 2000-01-30 16:05:59 UTC
I change the permissions on the .forward to go-w and now I get a
core dump with mailer died with a signal 213. So now I am not completely
sure that this a sendmail problem. I suppose I should submit another bug
report on the vacation rpm if that is possible.

Henri

Comment 2 Henri J. Schlereth 2000-01-31 04:54:59 UTC
Rebuilt the sendmail.cf file to include the smrsh FEATURE and now I get a
sh: vacation not available for sendmail programs
554 "|vacation user"... Service unavailable

Comment 3 Cristian Gafton 2000-03-04 18:39:59 UTC
From /usr/lib/sendmail-cf/README:

confUNSAFE_GROUP_WRITES UnsafeGroupWrites
                                        [False] If set, group-writable
                                        :include: and .forward files are
                                        considered "unsafe", that is, programs
                                        and files cannot be directly referenced
                                        from such files.  World-writable files
                                        are always considered unsafe.

You need tochange the default config if you want to change this behavior.
I suggest you take a look at the said file for things you need to tweak.

I am not sure about the vacation rpm you are using, if it is correct or not...