On 03/25/2017 06:55 PM, Viktor Dukhovni wrote:
On Mar 25, 2017, at 9:38 PM, Doug Barton <domain_name_t...@yahoo.com> wrote:
Setting up a new pipe in master.cf I wanted to do 'user=${user}' but that macro
isn't available there, only in argv. I found a workaround, but I was curious
about why?
For good security reasons.
Can you elaborate?
Unlike .forward or files which exist for selected users, injecting
envelope data (e.g. user=${user}) into the pipe(8) execution context
could allow remote senders to execute code as any user on the system
Yes, that's what I want to do. :) Still easily done with a wrapper script.
or modify which command is run, ...
Can you say more about this? If this is correct it seems like a major
security risk.
Postfix attempts to be safe even
in the hands of non-expert users.
That sounds like a good thing to do, obviously .... I just wonder if the
line is drawn in the correct location for this issue.
Doug
