Shell scripts from smail/sendmail - strange behavior
Jonathan I. Kamens
jik at athena.mit.edu
Sun Oct 14 23:52:13 AEST 1990
Sendmail (I don't know about smail, but I suspect, given the description of
your problem, that it's similarly brain-damaged) has a "feature" that is
probably causing your difficulties.
When sendmail needs to run a program out of the aliases file, the user ID
under which the program will run DEPENDS ON THE RETURN ADDRESS OF THE MAIL.
Really.
If the originating address is on the same machine as the sendmail that's
running the script, then the script is run as the user identified in the
originating address. If, however, the originating address indicates a sender
not on the same machine as the sendmail, then the script is run as root, or
daemon, or whatever sendmail decides to run it as (I think it's configurable;
at my site, it runs as daemon).
I installed the following test script as an alias on my system, and then
sent mail to myself containing "From: " lines with "jik" in them and
"jik at athena.mit.edu" in them. In the former case, the data returned from the
script indicated that it was running as jik; in the latter, the script ran as
daemon:
#!/bin/sh
ME=`/usr/ucb/whoami`
ME2=`/bin/who am i`
(echo "/usr/ucb/whoami returns $ME";
echo "/bin/who am i returns $ME2";
echo "Message follows:";
echo "";
cat) | mail jik
EOF
exit 0
The solution to the problem? Write your script as a C program (or write a
stub C program that actually executes the script), and make it setuid to
daemon, or to root, or to whomever else you wish it to run as. And get
Berkeley to change this behavior of sendmail, which has been around forever
(ane which has been wrong for nearly forever :-). Actually, that last part
may not be relevant -- I'm testing with version 5.61, and version 5.64 may
have fixed this problem.
--
Jonathan Kamens USnail:
MIT Project Athena 11 Ashford Terrace
jik at Athena.MIT.EDU Allston, MA 02134
Office: 617-253-8495 Home: 617-782-0710
More information about the Comp.unix.shell
mailing list