Path: utzoo!mnetor!uunet!lll-winken!lll-lcc!ames!mailrus!umix!b-tech!zeeff
From: zeeff@b-tech.UUCP (Jon Zeeff)
Newsgroups: comp.sources.bugs
Subject: Re: unofficial patch to smail 2.5
Message-ID: <4402@b-tech.UUCP>
Date: 8 Apr 88 01:51:29 GMT
References: <1313@iscuva.ISCS.COM>
Reply-To: zeeff@b-tech.UUCP (Jon Zeeff)
Organization: Branch Technology Ann Arbor, MI
Lines: 18
Keywords: smail patch enhancement

In article <1313@iscuva.ISCS.COM> davids@iscuva.ISCS.COM (David Schmidt) writes:
>Here is a small patch to smail 2.5 (comp.sources.unix, volume 11).
>It adds the ability to create aliases which will pipe the mail
>message into a program.
>

I'm sure this works fine, but it sure doesn't look secure.  Think 
about the uid and effective uid when the program is run?  What if it 
happens to be root that triggered uuxqt?  Can a offsite user cause any 
program to be executed by some random id by mailing to |program?  

I have a lmail replacement that will do you what you want in a much safer
manner.  

--Jon

-- 
Jon Zeeff           		Branch Technology,
uunet!umix!b-tech!zeeff  	zeeff%b-tech.uucp@umix.cc.umich.edu