Re: MAILER configuration

Subject:	Re: MAILER configuration
From:	"Aaron J. Grier" <agrier AT poofygoof DOT com>
To:	amanda-users AT amanda DOT org
Date:	Thu, 11 Jan 2007 14:32:43 -0800

On Thu, Jan 11, 2007 at 10:58:07AM -0500, Jean-Louis Martineau wrote:
> amanda remove most the environment variable for security reason.
> mailx require the HOME environment variable to find the user .mailrc file
> Could you try the attached patch.
> 
> Do someone know if the HOME environment variable can be used to break 
> suid program?

of course it can!

passing only MAILRC variable (and leaving HOME unset) might be slightly
safer in this case.

-- 
  Aaron J. Grier | "Not your ordinary poofy goof." | agrier AT poofygoof DOT com
              "silly brewer, saaz are for pils!"  --  virt

<Prev in Thread]	Current Thread	[Next in Thread>
MAILER configuration, Thomas Steiger Re: MAILER configuration, Gene Heskett Re: MAILER configuration, Jean-Louis Martineau Re: MAILER configuration, Thomas Steiger Re: MAILER configuration, Aaron J. Grier <=

Previous by Date:	Re: MAILER configuration, Thomas Steiger
Next by Date:	Re: Problem with tar 1.16, Nicki Messerschmidt
Previous by Thread:	Re: MAILER configuration, Thomas Steiger
Next by Thread:	Server outside of my firewall is now experiencing problems, Chuck Amadi Systems Administrator
Indexes:	[Date] [Thread] [Top] [All Lists]