Re: possible local exploit via sendmail with procmail on solaris
Mike,
Sendmail is *supposed* to run the local mailer setuid as the
recipient, so procmail should have run as you. I'm running sendmail
8.13.1 on solaris 7 & 8 and it does seem to setuid properly.
Is it possible that procmail itself is setuid root and is invoking the
shell which is sourcing your .cshrc? It would be interesting to see a
truss -f of sendmail doing a local delivery.
$h is the host as set from the 2nd part of the $# local mailer rule.
It probably isn't set in your sendmail rules for local users.
Regards,
Jeff
----------------------------------------------------------------
Jeff Damens Unix Systems Administrator
Polytechnic University jdamens@xxxxxxxxxxxxxxx
6 Metrotech (718) 260-3492
Brooklyn, New York 11201