Vince Vielhaber writes:
> I was just going over Russ' script for securing a mailing list:
>
> |grep "^[#&]$SENDER$" ".qmail-$EXT" || (echo "You are not authorized to
> send mail to this list."; exit 1)
> &address
> &address
> ...
>
> Then I wanted to use qmail to handle subscriptions, BUT qmail seems
> to dislike this arrangement because qlist sets the x bit and qmail
> rejects the pipe *because* the x bit is set. Fun, huh?
>
> Here's the question. Is it acceptable to chmod u-x the file in the
> .qmail-listname-request file? Would this work? Can anyone think of
> any drawbacks?
Sure. You're destroying the security increase caused by disallowing
commands in the .qmail-listname file. What you should do is either
use my qlist patch (on http://www.qmail.org), or else accomplish the
same thing by inserting a +list command, like this:
|grep "^[#&]$SENDER$" ".qmail-$EXT" || (echo "You are not authorized to send mail to this list."; exit 1)
+list
&address
&address
--
-russ <nelson@crynwr.com> http://www.crynwr.com/~nelson
Crynwr Software sells network driver support | PGP ok
521 Pleasant Valley Rd. | +1 315 268 1925 voice | Peace, Justice, Freedom:
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | pick two (only mostly true)
> I was just going over Russ' script for securing a mailing list:
>
> |grep "^[#&]$SENDER$" ".qmail-$EXT" || (echo "You are not authorized to
> send mail to this list."; exit 1)
> &address
> &address
> ...
>
> Then I wanted to use qmail to handle subscriptions, BUT qmail seems
> to dislike this arrangement because qlist sets the x bit and qmail
> rejects the pipe *because* the x bit is set. Fun, huh?
>
> Here's the question. Is it acceptable to chmod u-x the file in the
> .qmail-listname-request file? Would this work? Can anyone think of
> any drawbacks?
Sure. You're destroying the security increase caused by disallowing
commands in the .qmail-listname file. What you should do is either
use my qlist patch (on http://www.qmail.org), or else accomplish the
same thing by inserting a +list command, like this:
|grep "^[#&]$SENDER$" ".qmail-$EXT" || (echo "You are not authorized to send mail to this list."; exit 1)
+list
&address
&address
--
-russ <nelson@crynwr.com> http://www.crynwr.com/~nelson
Crynwr Software sells network driver support | PGP ok
521 Pleasant Valley Rd. | +1 315 268 1925 voice | Peace, Justice, Freedom:
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | pick two (only mostly true)