Bug 8982 - User "unsafe" to forward to program.
User "unsafe" to forward to program.
Status: CLOSED WORKSFORME
Product: Red Hat Linux
Classification: Retired
Component: sendmail (Show other bugs)
6.1
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Cristian Gafton
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-01-30 10:48 EST by Henri J. Schlereth
Modified: 2008-05-01 11:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-03-04 13:39:43 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Henri J. Schlereth 2000-01-30 10:48:46 EST
I have installed the vacation program which creates a .forward pipe
to itself in the user directory. Sendmail 8.9.3-15 issues the following
message:

"550 /home/feral/.forward: line 1: "|vacation feral"... Address feral is
unsafe for mailing to programs"

The sendmail.org faq specifically states that:
"In order for people to be able to run a program from their .forward file,
version 8 sendmail insists that their shell (that is, the
shell listed for that user in the passwd entry) be a "valid" shell, meaning
a shell listed in /etc/shells. If /etc/shells does not exist, a
default list is used, typically consisting of /bin/sh and /bin/csh."

Bash is in /etc/shells and it still doesnt work.

I have not yet tried to see if procmail works or examined the src rpm for
sendmail.

In simple translation, this should work but does not. The original
vacation program was created by Eric Allman and I cant see why sendmail
should be hostile to it. I have both used a contrib rpm for vacation
and compiled a from a tar file. I am left with sendmail as being the
culprit.

Assistance would be appreciated before I have to go code diving.
Comment 1 Henri J. Schlereth 2000-01-30 11:05:59 EST
I change the permissions on the .forward to go-w and now I get a
core dump with mailer died with a signal 213. So now I am not completely
sure that this a sendmail problem. I suppose I should submit another bug
report on the vacation rpm if that is possible.

Henri
Comment 2 Henri J. Schlereth 2000-01-30 23:54:59 EST
Rebuilt the sendmail.cf file to include the smrsh FEATURE and now I get a
sh: vacation not available for sendmail programs
554 "|vacation user"... Service unavailable
Comment 3 Cristian Gafton 2000-03-04 13:39:59 EST
From /usr/lib/sendmail-cf/README:

confUNSAFE_GROUP_WRITES UnsafeGroupWrites
                                        [False] If set, group-writable
                                        :include: and .forward files are
                                        considered "unsafe", that is, programs
                                        and files cannot be directly referenced
                                        from such files.  World-writable files
                                        are always considered unsafe.

You need tochange the default config if you want to change this behavior.
I suggest you take a look at the said file for things you need to tweak.

I am not sure about the vacation rpm you are using, if it is correct or not...

Note You need to log in before you can comment on or make changes to this bug.