(no subject)

From: Segv (segvat_private)
Date: Mon Jun 29 1998 - 09:22:32 PDT

    There seems to be some more problems with mailx. While browsing over the
    source, I found the code that handles the '!' command.
    (this appears in names.c)
    
      if ((shell = value("SHELL")) == NOSTR)
            shell = SHELL;
      execl(shell, shell, "-c", fname, 0);
    
    As you can see, the value() function returns a pointer to the value of (the
    environment variable) SHELL. If SHELL isn't set, it defaults to /bin/bash
    (consult local.h). Then execl() is called to execute the value that shell
    points to. So you can execute commands with sgid mail privs. One problem
    you may run into is shells that drop privs if rgid != egid, so you could
    simply write a wrapper that calls setrgid(mail) then executes the specified
    command with sgid mail privs.
    
    Affected: systems that have mailx sgid mail.
    Thanks: aleph1 for his ideas.
    
    -----
    
    segv
    <segvat_private>
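Added example, not part of the original post and not mailx's own code: a hardened form of the '!' handler quoted above, which drops the set-gid privilege (and verifies the drop) before the user's shell is executed, and only honours $SHELL when it is an absolute path. The DEFAULT_SHELL value, the function names and the setregid()-based drop are assumptions; the original defaults via local.h's SHELL macro.

```c
#define _XOPEN_SOURCE 700   /* expose setregid() on strict-standard builds */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

#define DEFAULT_SHELL "/bin/sh"   /* assumption: stands in for local.h's SHELL */

/* Permanently give up any set-gid privilege. Returns 0 on success, -1 on
 * failure. setregid() with an explicit real gid also resets the saved gid on
 * Linux and the BSDs, so the group cannot be regained later; the result is
 * verified rather than assumed, because a failed drop followed by exec is
 * exactly the bug in the original handler. */
int drop_group_privs(void)
{
    gid_t rgid = getgid();
    if (setregid(rgid, rgid) != 0)
        return -1;
    if (getegid() != rgid)        /* never trust the call, check the state */
        return -1;
    return 0;
}

/* Honour $SHELL only if it is an absolute path; otherwise use the default.
 * Relative names would resolve against nothing here, since execl() does no
 * PATH search, but rejecting them makes the intent explicit. */
const char *choose_shell(const char *env_shell)
{
    if (env_shell == NULL || env_shell[0] != '/')
        return DEFAULT_SHELL;
    return env_shell;
}

/* Hardened '!' handler: privileges are gone before any user-controlled
 * program runs. Returns -1 only if something failed before or during exec. */
int run_shell_command(const char *fname)
{
    const char *shell = choose_shell(getenv("SHELL"));
    if (drop_group_privs() != 0) {
        fprintf(stderr, "cannot drop group privileges; refusing to run '!'\n");
        return -1;
    }
    execl(shell, shell, "-c", fname, (char *)NULL);  /* proper NULL sentinel */
    perror(shell);                /* reached only if execl() itself failed */
    return -1;
}
```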
    
    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:01:11 PDT