8982 – User "unsafe" to forward to program.

Bug 8982 - User "unsafe" to forward to program.

Summary: User "unsafe" to forward to program.

Keywords:
Status:	CLOSED WORKSFORME
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	sendmail
Sub Component:
Version:	6.1
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Cristian Gafton
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2000-01-30 15:48 UTC by Henri J. Schlereth
Modified:	2008-05-01 15:37 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2000-03-04 18:39:43 UTC
Embargoed:

Attachments	(Terms of Use)

Description Henri J. Schlereth 2000-01-30 15:48:46 UTC

I have installed the vacation program which creates a .forward pipe
to itself in the user directory. Sendmail 8.9.3-15 issues the following
message:

"550 /home/feral/.forward: line 1: "|vacation feral"... Address feral is
unsafe for mailing to programs"

The sendmail.org faq specifically states that:
"In order for people to be able to run a program from their .forward file,
version 8 sendmail insists that their shell (that is, the
shell listed for that user in the passwd entry) be a "valid" shell, meaning
a shell listed in /etc/shells. If /etc/shells does not exist, a
default list is used, typically consisting of /bin/sh and /bin/csh."

Bash is in /etc/shells and it still doesnt work.

I have not yet tried to see if procmail works or examined the src rpm for
sendmail.

In simple translation, this should work but does not. The original
vacation program was created by Eric Allman and I cant see why sendmail
should be hostile to it. I have both used a contrib rpm for vacation
and compiled a from a tar file. I am left with sendmail as being the
culprit.

Assistance would be appreciated before I have to go code diving.

Comment 1 Henri J. Schlereth 2000-01-30 16:05:59 UTC

I change the permissions on the .forward to go-w and now I get a
core dump with mailer died with a signal 213. So now I am not completely
sure that this a sendmail problem. I suppose I should submit another bug
report on the vacation rpm if that is possible.

Henri

Comment 2 Henri J. Schlereth 2000-01-31 04:54:59 UTC

Rebuilt the sendmail.cf file to include the smrsh FEATURE and now I get a
sh: vacation not available for sendmail programs
554 "|vacation user"... Service unavailable

Comment 3 Cristian Gafton 2000-03-04 18:39:59 UTC

From /usr/lib/sendmail-cf/README:

confUNSAFE_GROUP_WRITES UnsafeGroupWrites
                                        [False] If set, group-writable
                                        :include: and .forward files are
                                        considered "unsafe", that is, programs
                                        and files cannot be directly referenced
                                        from such files.  World-writable files
                                        are always considered unsafe.

You need tochange the default config if you want to change this behavior.
I suggest you take a look at the said file for things you need to tweak.

I am not sure about the vacation rpm you are using, if it is correct or not...

Note You need to log in before you can comment on or make changes to this bug.