Xref: utzoo comp.mail.misc:4133 comp.unix.shell:573
Path: utzoo!attcan!utgpu!news-server.csri.toronto.edu!rutgers!tut.cis.ohio-state.edu!snorkelwacker!bloom-beacon!athena.mit.edu!jik
From: jik@athena.mit.edu (Jonathan I. Kamens)
Newsgroups: comp.mail.misc,comp.unix.shell
Subject: Re: Shell scripts from smail/sendmail - strange behavior
Message-ID: <1990Oct14.135213.28213@athena.mit.edu>
Date: 14 Oct 90 13:52:13 GMT
References: <1990Oct10.200803.27014@supernet.haus.com>
Sender: daemon@athena.mit.edu (Mr Background)
Reply-To: jik@athena.mit.edu (Jonathan I. Kamens)
Organization: Massachusetts Institute of Technology
Lines: 50


  Sendmail (I don't know about smail, but I suspect, given the description of
your problem, that it's similarly brain-damaged) has a "feature" that is
probably causing your difficulties.

  When sendmail needs to run a program out of the aliases file, the user ID
under which the program will run DEPENDS ON THE RETURN ADDRESS OF THE MAIL. 
Really.

  If the originating address is on the same machine as the sendmail that's
running the script, then the script is run as the user identified in the
originating address.  If, however, the originating address indicates a sender
not on the same machine as the sendmail, then the script is run as root, or
daemon, or whatever sendmail decides to run it as (I think it's configurable;
at my site, it runs as daemon).

  I installed the following test script as an alias on my system, and then
sent mail to myself containing "From: " lines with "jik" in them and
"jik@athena.mit.edu" in them.  In the former case, the data returned from the
script indicated that it was running as jik; in the latter, the script ran as
daemon:

    #!/bin/sh

    ME=`/usr/ucb/whoami`
    ME2=`/bin/who am i`

    (echo "/usr/ucb/whoami returns $ME";
    echo "/bin/who am i returns $ME2";
    echo "Message follows:";
    echo "";
    cat) | mail jik

    EOF

    exit 0

  The solution to the problem?  Write your script as a C program (or write a
stub C program that actually executes the script), and make it setuid to
daemon, or to root, or to whomever else you wish it to run as.  And get
Berkeley to change this behavior of sendmail, which has been around forever
(ane which has been wrong for nearly forever :-).  Actually, that last part
may not be relevant -- I'm testing with version 5.61, and version 5.64 may
have fixed this problem.

--
Jonathan Kamens			              USnail:
MIT Project Athena				11 Ashford Terrace
jik@Athena.MIT.EDU				Allston, MA  02134
Office: 617-253-8495			      Home: 617-782-0710