Bug 44757 - smrsh is useless with procmail as LDA
smrsh is useless with procmail as LDA
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: sendmail (Show other bugs)
7.1
All Linux
medium Severity medium
: ---
: ---
Assigned To: Florian La Roche
David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-06-15 23:51 EDT by Chris Adams
Modified: 2017-05-12 21:16 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-06-15 23:51:10 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Chris Adams 2001-06-15 23:51:06 EDT
As shipped, sendmail is configured to use procmail as the local delivery
agent.  It is also configured to use the sendmail restricted shell, smrsh,
for program deliveries.

Configuring smrsh when procmail is the LDA is pointless.  Any restrictions
that are set up with smrsh as to what programs users can run from their
.forward files can easily be circumvented with a .procmailrc as simple as

:0
* .
| $HOME/someprogram

As long as procmail is the LDA, configuring sendmail to use smrsh is
nothing but an annoyance and cause for confusion for people not familiar
with smrsh.
Comment 1 Florian La Roche 2001-06-29 05:15:46 EDT
Providing smrsh allows to change the configuration to a more restrictive one
than shipped by default with Red Hat Linux. I think the current setup is ok,
but agree that this point could be added to some Red Hat README about sendmail.

Thanks for this report,

Florian La Roche
Comment 2 Chris Adams 2001-07-02 15:38:43 EDT
I'm not saying that smrsh shouldn't be provided, just that the default
sendmail.cf should not use smrsh since procmail is also used.  This can
be confusing and misleading (some may think that have more security than
they really do since smrsh is rendered useless by procmail).
Comment 3 openshift-github-bot 2017-05-12 21:16:21 EDT
Commit pushed to master at https://github.com/openshift/origin

https://github.com/openshift/origin/commit/8b7ba774dced535d99c8f805edde700f0f6b5120
UPSTREAM: 44760: Fix issue #44757: Flaky Test_AttachDetachControllerRecovery

Note You need to log in before you can comment on or make changes to this bug.